XXE

项目说明

本项目为XXE测试demo。项目代码中包含禁止外部实体的代码。

XXE使用的方法及对应的访问地址

CODE	URL
DocumentBuilderFactory	localhost:8080/xxe/xxe1
SAXBuilder	localhost:8080/xxe/xxe2
SAXParserFactory	localhost:8080/xxe/xxe3
SAXReader	localhost:8080/xxe/xxe4
SAXTransformerFactory	localhost:8080/xxe/xxe5
SchemaFactory	localhost:8080/xxe/xxe6
TransformerFactory	localhost:8080/xxe/xxe7
SchemaFactory	localhost:8080/xxe/xxe8
XMLInputFactory	localhost:8080/xxe/xxe9
XMLReader	localhost:8080/xxe/xxe10

项目运行

mvn clean package 或者直接下载release jar包

内部poc

<?xml version="1.0" encoding="ISO-8859-1" ?>
        <!DOCTYPE example [
                <!ELEMENT example ANY >
                <!ENTITY file SYSTEM "http://localhost:10000" >
                ]>
<example>&file;</example>

需要本地监听10000端口

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
src		src
.gitignore		.gitignore
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

XXE

项目说明

XXE使用的方法及对应的访问地址

项目运行

内部poc

About

Releases 1

Packages

Languages

keven1z/XXEDemo

Folders and files

Latest commit

History

Repository files navigation

XXE

项目说明

XXE使用的方法及对应的访问地址

项目运行

内部poc

About

Topics

Resources

Stars

Watchers

Forks

Releases 1

Packages 0

Languages

Packages