2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains how local DTD files can be used to exploit XXE vulnerabilities and obtain arbitrary output, with a detailed analysis of the problem and the technique.
Next, I would like to share a tip: using local DTD files to exploit XXE vulnerabilities and get arbitrary output.
Imagine that you have an XXE that supports external entities, but the server's response is always empty. In this case, you have two options: error-based and out-of-band exploitation.
The following is an example based on an error:
Request
Content in ext.dtd
% eval;%error
You see that? You are using an external server to deliver the payload. If there is a firewall between you and the target server, what can you do? The answer is: nothing!
So what happens if we put the contents of the external DTD file directly into the DOCTYPE tag? There will always be an error.
Request
Eval; error;] >
An external DTD allows us to include one entity inside a second entity, but this is prohibited in the internal DTD.
What can we do with an internal DTD?
To use external DTD syntax in the internal DTD subset, you can find a local DTD file on the target host, load it, and redefine some of the parameter entity references in it:
Request
% local_dtd;] > any text
Content in sip-app_1_0.dtd
……
It works because all XML entities are constant, and if you define two entities with the same name, only the first entity is used.
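The first-declaration-wins rule above, seen from the defender's side, as an added example that is not part of the original article: a stock Python parser honours the first binding of a duplicated entity, while a parser that refuses every DOCTYPE never processes the internal subset this technique depends on. The helper names (`parse_untrusted`, `stock_parse_text`, `DoctypeForbidden`) and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample inputs (not taken from the article).
PLAIN = b"<order><id>42</id></order>"
DUPLICATE = b'<!DOCTYPE r [<!ENTITY a "first"><!ENTITY a "second">]><r>&a;</r>'


class DoctypeForbidden(ValueError):
    """Untrusted XML carried a DOCTYPE declaration."""


def stock_parse_text(doc):
    """Stock ElementTree: internal entities are expanded, first binding wins."""
    return ET.fromstring(doc).text


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Called before the declarations in the internal subset are processed.
    raise DoctypeForbidden(
        f"DOCTYPE {name!r} refused (internal subset: {bool(has_internal_subset)})")


def parse_untrusted(doc):
    """Build an Element tree, refusing any document that declares a DTD.

    Hypothetical helper: prefixed tag names are kept as written, since
    namespace processing is not enabled on this expat parser.
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(doc, True)
    return builder.close()


if __name__ == "__main__":
    print(stock_parse_text(DUPLICATE))
    print(parse_untrusted(PLAIN).find("id").text)
    try:
        parse_untrusted(DUPLICATE)
    except DoctypeForbidden as exc:
        print("rejected:", exc)
```

Because the DTD in this technique is read from the target's own disk, outbound filtering does not interfere with it; refusing the DOCTYPE at parse time does.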
How do I find a local DTD file?
Enumeration should be the easiest way to find files and directories. Here are some examples of successful application of this technique:
Linux
%local_dtd;
Windows
%local_dtd;
Thanks to @Mike_n1 from Positive Technologies for sharing this always-present Windows DTD file path.
Cisco WebEx
%local_dtd;
Citrix XenMobile Server
%local_dtd;
Multi-platform IBM WebSphere application
%local_dtd;