Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/astteam/xxe
《Web安全教程之XXE漏洞》XML External Entity Injection.
https://github.com/astteam/xxe
0e0w astteam getshell xxe
Last synced: about 2 months ago
JSON representation
《Web安全教程之XXE漏洞》XML External Entity Injection.
- Host: GitHub
- URL: https://github.com/astteam/xxe
- Owner: ASTTeam
- Created: 2020-12-01T00:04:15.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2024-01-23T09:26:32.000Z (11 months ago)
- Last Synced: 2024-02-25T12:42:47.267Z (10 months ago)
- Topics: 0e0w, astteam, getshell, xxe
- Homepage:
- Size: 6.84 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# 《深入理解WEB漏洞之XXE漏洞》
本项目用来收集整理XXE漏洞的相关内容,包括XXE的利用方法工具或思路等。XXE漏洞往往不可以执行命令,但可以通过文件读取方法获取敏感信息,之后进一步Getshell!作者:[0e0w](https://github.com/0e0w)
本项目创建于2022年3月3日,最近的一次更新时间为2024年3月1日。本项目会持续更新,直到海枯石烂!
- [01-XXE漏洞资源]()
- [02-XXE漏洞基础]()
- [03-XXE漏洞工具]()
- [04-XXE渗透测试]()
- [05-XXE代码审计]()
- [06-XXE漏洞赏金]()
- [07-XXE漏洞修复]()## 01-XXE漏洞资源
- https://github.com/topics/XXE
- https://github.com/topics/XXE
- https://github.com/search?q=XXE一、XXE书籍资源
二、XXE培训演讲
三、XXE其他资源
- https://github.com/payloadbox/xxe-injection-payload-list
- https://github.com/omurugur/XXE_Payload_List
- https://github.com/trapp3rhat/XXE-injections
- https://github.com/HLOverflow/XXE-study
- https://github.com/deanf1/dotnet-security-unit-tests
- https://github.com/OlivierLaflamme/Auditing-Vulnerabilities
- https://github.com/samuel-knutson/dotnet-xxe-learning-tests
- https://github.com/hannoch/python-xxe
- https://github.com/mrpinghe/xxe-file-enum
- https://github.com/mprechtl/information-leakage
- https://github.com/rootz491/xxe-castor
- https://github.com/FrancescoDiSalesGithub/XXE-gen
- https://github.com/omurugur/Oracle_CTF_Web_XML_Entity_Exploit
- https://github.com/Wh1t3Fox/xxe.page
- https://github.com/magnus-longva-bouvet/xxe-demo
- https://github.com/yeeyeeweb/XXEER
- https://github.com/BuffaloWill/oxml_xxe
- https://github.com/TheTwitchy/xxer
- https://github.com/staaldraad/xxeserv
- https://github.com/AonCyberLabs/xxe-recursive-download
- https://github.com/joernchen/xxeserve
- https://github.com/ssexxe/XXEBugFind
- https://github.com/hackping/XXEpayload
- https://github.com/GoSecure/xxe-workshop
- https://github.com/ropnop/xxetimes
- https://github.com/Gifts/XXE-OOB-Exploitation-Toolset-for-Automation
- https://github.com/muttiopenbts/kisskissie
- https://github.com/SpiderMate/B-XSSRF
- https://github.com/vulnspy/phpaudit-XXE
- https://github.com/RihaMaheshwari/XXE-Injection-Payloads
- https://github.com/lc/230-OOB
- https://github.com/D4Vinci/XOE
- https://github.com/LandGrey/xxe-ftp-server
- https://github.com/vp777/metahttp
- https://github.com/incredibleindishell/XXE_Vulnerable_codes
- https://github.com/tjcim/xxefr
- https://github.com/sry309/XXE-Payload
- https://github.com/keven1z/XXEDemo
- https://github.com/Maskhe/xxeDemo
- https://github.com/d1y1n/xxetester
- https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
- https://hdivsecurity.com/owasp-xml-external-entities-xxe
- https://vk9-sec.com/xml-external-entity-xxe-injection
- https://www.secpulse.com/archives/178950.html
- https://www.freebuf.com/articles/web/332419.html
- https://www.secpulse.com/archives/189161.html
- https://tttang.com/archive/1813
- https://xz.aliyun.com/t/13355## 02-XXE漏洞基础
一、XXE漏洞概念(XML External Entity Injection)
- 什么是XML?
- XML由3个部分构成,它们分别是:文档类型定义(Document Type Definition,DTD),即XML的布局语言;可扩展的样式语言(Extensible Style Language,XSL),即XML的样式表语言;以及可扩展链接语言(Extensible Link Language,XLL)。
- 四种实体?
- **内置实体**
| 实体 | 实体引用 | 含义 |
| ---- | -------- | ----------------- |
| lt | < | <(小于号) |
| gt | > | >(大于号) |
| amp | & | &(“and”符) |
| apos | ' | '(撇号或单引号) |
| quot | " | "(双引号) |
- **字符实体**
- **通用实体**
- **参数实体**- 什么是XXE漏洞?
- XXE(XML外部实体注入,XML External Entity) ,在应用程序解析XML输入时,当允许引用外部实体时,可构造恶意内容,导致读取任意文件、探测内网端口、攻击内网网站、发起DoS拒绝服务攻击、执行系统命令等。.
- XXE漏洞分类?
- OOB XXE:有回显
- Blind XXE:无回显三、XXE漏洞原理
四、XXE漏洞危害
五、XXE漏洞思考
- XXE漏洞如何执行系统命令?
- Blind XXE 如何读取敏感文件?
- XXE漏洞最大可以读取多少字节的文件?
- XXE和XML注入的区别?## 03-XXE漏洞工具
- 如何开发一个XXE渗透测试和代码审计的工具?
一、XXE payload
- Blind XXE 读取文件
```
%remote;
%send;
]>```
```
// 在服务器中创建此文件,文件名称为h.dtd。通过日志查看读取到的文件内容
">
%ppp;
```二、XXE被动扫描
三、待整理
- https://github.com/GoSecure/dtd-finder
- https://github.com/luisfontes19/xxexploiter
- https://github.com/enjoiz/XXEinjector
- https://github.com/suanve/xxeserver
- https://github.com/whitel1st/docem## 04-XXE渗透测试
一、XXE漏洞挖掘
- 如何挖掘XXE漏洞?
- XXE漏洞经常出现的位置?二、XXE漏洞实战
-
三、XXE高级利用
## 05-XXE代码审计
一、XXE漏洞靶场
- https://github.com/c0ny1/xxe-lab
- https://github.com/keven1z/XXEDemo
- https://github.com/jbarone/xxelab
- https://github.com/brandonprry/vulnerable_xxe
- https://github.com/TheTwitchy/vulnd_xxe
- https://github.com/eileencodes/security_examples二、XXE审计原理
三、XXE危险函数
- 在PHP中:
- 在Java中:
- 在.NET中:四、XXE漏洞分析
- https://github.com/jas502n/CVE-2019-2888
- https://github.com/jamieparfet/Apache-OFBiz-XXE
- https://github.com/Wfzsec/Weblogic-XXE-poc## 06-XXE漏洞赏金
- https://github.com/HoneTeam/XXE
## 07-XXE漏洞修复
- 方案一:使用开发语言提供的禁用外部实体的方法
- PHP:
1. libxml_disable_entity_loader设置为TRUE来禁用外部实体
- Java:
1. DocumentBuilderFactory dbf =DocumentBuilderFactory.newInstance();
2. dbf.setExpandEntityReferences(false);
- Python:
1. from lxml import etree
2. xmlData = etree.parse(xmlSource,etree.XMLParser(resolve_entities=False))
- 方案二:过滤用户提交的XML数据
- 过滤关键词: