Fake XML cookbook 直接改POST即可。注入一个恶意的外部实体,使用file协议,根据题目提示读取flag。 payload: ]> <user><username>&file;</username><password>456</password></user> True XML cookbook 和上一题一样的界面,再次输入上提的payload: 根据提示,感觉flag在/var/ww…
Quote saved.
Login to quote this blog
Failed to save quote. Please try again later.
You cannot quote because this article is private.