先来了解一下xxe漏洞 https://security.tencent.com/index.php/blog/msg/69 https://xz.aliyun.com/t/3357 web 378 我们抓包后看到 本栏目推荐文章XXE漏洞与有回显的XXEJava XXE漏洞原理研究Secure Code Warrior C# Basic OWASP Web Top 10 2017 1: Injection Flaws and 2: Broken Authentication vulnerabilities 3: Sensitive Data Exposure and 4: XXE vulnerabilitiesXXE篇从原理到实战,详解XXE攻击XXE漏洞WEB漏洞-XXE&XML之利用检测绕过全解XXE漏洞XXE载荷Web攻防--Java_SQL注入--XXE注入-- SSTI模板注入--SPEL表达式注入XXE漏洞xxe 实体xxe vulnhub-xxe pikachu-xxe receiveccrequestbyxml-xxe 载荷xxe 靶场vulnhub-xxe漏洞xxe 漏洞web xxe xml java xxe 实体web xxe