Linux Server Security: Hardening Web Interfaces to Prevent XXE Attacks

Introduction:

As web applications have become ubiquitous, server security has become a growing concern for internet users. In recent years, external entities have served as a vector for accessing web servers and carrying out malicious actions that can compromise them. Among these, the XXE attack is one of the most common and dangerous attack types. This article introduces how XXE attacks work and presents methods for hardening web interfaces to prevent them, improving the security of Linux servers.

1. What is an XXE attack?

An XXE (XML External Entity) attack is a method of exploiting a vulnerability on the server by sending it a maliciously constructed XML document. An attacker can use entity expansion and parameter entities to read files, execute remote code and perform other malicious operations, thereby obtaining sensitive information and gaining unauthorized access to the server.

Below is a simple XML document used to demonstrate an XXE attack:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
    <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<root>
    <data>&xxe;</data>
</root>


In the XML document above, the external entity reads the /etc/passwd file on the server, leaking sensitive information.

2. Hardening web interfaces to prevent XXE attacks

To prevent XXE attacks, we can adopt the following measures:

Disable External Entities:

To stop XXE attacks that rely on entity expansion, we can disable external entities. In PHP this is done through libxml_disable_entity_loader: setting it to true disables external entities.

libxml_disable_entity_loader(true); // deprecated as of PHP 8.0; libxml 2.9 and later disable external entity loading by default


Validate User Input:

XML data supplied by users must be strictly validated to ensure it matches the expected format. An XML Schema can be used to define the data types and structure, and user input can then be checked against it.

Below is a simple example showing how to validate data with an XML Schema:

<?xml version="1.0" encoding="UTF-8"?>
<root xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="schema.xsd">
    <data>Valid data</data>
</root>
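The document above only points at schema.xsd; libxml does not fetch or apply a schema referenced through xsi:noNamespaceSchemaLocation on its own, so the application has to invoke validation explicitly. The following added example (not code from the original article) does that with DOMDocument::schemaValidateSource(). The inline schema, the function name validateAgainstSchema and the three sample payloads are constructed for this example. The DOCTYPE check and the LIBXML_NONET flag come first because schema validation runs after parsing and does not by itself stop entity resolution.

```php
<?php
// Added example, not from the original article: explicit XML Schema validation
// with DOMDocument::schemaValidateSource(). The schema and all payloads are
// constructed for this example.

$schema = <<<'XSD'
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="root">
    <xs:complexType>
      <xs:sequence>
        <!-- exactly one <data> element, a string of at most 64 characters -->
        <xs:element name="data">
          <xs:simpleType>
            <xs:restriction base="xs:string">
              <xs:maxLength value="64"/>
            </xs:restriction>
          </xs:simpleType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>
XSD;

/**
 * Returns true if $xml is well-formed, carries no DOCTYPE and satisfies $xsd.
 * libxml's messages are handed back through $errors for server-side logging
 * rather than being printed, so parser internals are not exposed to clients.
 */
function validateAgainstSchema(string $xml, string $xsd, array &$errors = []): bool
{
    $errors = [];
    // Schema validation happens after parsing, so the DTD ban and LIBXML_NONET
    // must come first; the schema itself cannot stop entity resolution.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        $errors[] = 'DOCTYPE is not allowed';
        return false;
    }
    $previousErrorMode = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    $ok = $dom->loadXML($xml, LIBXML_NONET) && $dom->schemaValidateSource($xsd);
    foreach (libxml_get_errors() as $error) {
        $errors[] = trim($error->message);
    }
    libxml_clear_errors();
    libxml_use_internal_errors($previousErrorMode);
    return $ok;
}

// Constructed samples: one conforming document and two that violate the schema.
$samples = [
    'valid'       => '<?xml version="1.0"?><root><data>Valid data</data></root>',
    'extra child' => '<?xml version="1.0"?><root><data>x</data><extra>y</extra></root>',
    'too long'    => '<?xml version="1.0"?><root><data>' . str_repeat('A', 65) . '</data></root>',
];
foreach ($samples as $label => $xml) {
    $result = validateAgainstSchema($xml, $schema, $errors);
    echo $label, ': ', $result ? 'accepted' : 'rejected (' . implode('; ', $errors) . ')', PHP_EOL;
}
```

Only the first sample passes; the other two are rejected with libxml's own message describing the unexpected element or the length violation, which is the text worth logging server-side rather than returning to the client.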


ʹÓð×Ãûµ¥»úÖÆ£¨Whitelist£©¹ýÂËʵÌ壺

ʹÓð×Ãûµ¥»úÖÆ¿ÉÒÔÏÞÖÆÆÊÎöµÄʵÌ壬ֻÔÊÐíÆÊÎöÔ¤½ç˵µÄʵÌå¡£¿ÉÒÔͨ¹ý¶ÔÆÊÎöµÄXML¾ÙÐÐÔ¤´¦Àí£¬É¾³ý²»ÐèÒªµÄʵÌå½ç˵¡£ÒÔÏÂÊÇÒ»¸öʾÀý´úÂ룺

<?php
$xml = file_get_contents('php://input');
// Strip every entity declaration; the s modifier lets .*? span line breaks
$xml = preg_replace('/<!ENTITY.*?>/s', '', $xml);


The code above uses a regular expression to delete the entity declarations from the XML document.

Use a Secure XML Parsing Library:

To guard against XXE attacks, we should use a secure XML parsing library wherever possible, for example the SimpleXML library in PHP. SimpleXML provides some security mechanisms to prevent XXE attacks.

<?php
$dom = new DOMDocument();
// LIBXML_NONET blocks network access; never pass LIBXML_NOENT, which enables entity substitution
$dom->loadXML($xml, LIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING);


In the example above, the LIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING flags stop DOMDocument from fetching anything over the network and suppress parse errors and warnings. LIBXML_NOENT must not be passed here: it does not disable entities, it turns entity substitution on, which is exactly what an XXE payload relies on.
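The measures under "Disable External Entities", "Use a Whitelist to Filter Entities" and "Use a Secure XML Parsing Library" above fit together into a single loader. The following added example (not code from the original article) shows such a loader in PHP: it rejects any document that carries a DOCTYPE, which is stricter than stripping <!ENTITY ...> with a regular expression because entity declarations can only appear inside a DTD; it parses with LIBXML_NONET and without LIBXML_NOENT; and it calls libxml_disable_entity_loader() only on PHP versions before 8.0, where the function is not yet deprecated (libxml 2.9 and later disable external entity loading by default). The function name parseUntrustedXml and the second sample document are constructed for this example; the first sample is the article's own payload.

```php
<?php
// Added example, not from the original article: a hardened XML loader that
// combines the article's measures (no external entities, no DTD, no network,
// no parser diagnostics leaking to the client).

/**
 * Parse untrusted XML into a DOMDocument, or return null if it is rejected.
 * Any document carrying a DOCTYPE is rejected outright: internal, external
 * and parameter entity declarations can only appear inside a DTD, so this is
 * stricter than stripping <!ENTITY ...> with a regular expression.
 */
function parseUntrustedXml(string $xml): ?DOMDocument
{
    // Cheap textual pre-check before the parser ever sees the input.
    if (stripos($xml, '<!DOCTYPE') !== false || stripos($xml, '<!ENTITY') !== false) {
        return null;
    }

    // On PHP < 8.0 the entity loader must be switched off explicitly; the
    // function is deprecated from 8.0 because libxml >= 2.9 already defaults to off.
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }

    // Keep libxml diagnostics server-side instead of echoing them to the caller.
    $previousErrorMode = libxml_use_internal_errors(true);

    $dom = new DOMDocument();
    // LIBXML_NONET forbids network access while parsing.
    // LIBXML_NOENT is deliberately absent: it turns entity substitution ON.
    // LIBXML_DTDLOAD / LIBXML_DTDATTR are also absent so no DTD is fetched.
    $loaded = $dom->loadXML($xml, LIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING);

    libxml_clear_errors();
    libxml_use_internal_errors($previousErrorMode);

    // Second line of defence: a DTD that slipped past the text check (for
    // example because the input used another encoding) shows up as $dom->doctype.
    if ($loaded === false || $dom->doctype !== null) {
        return null;
    }
    return $dom;
}

// Constructed inputs: the article's XXE payload and a benign document.
$xxePayload = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
    <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<root><data>&xxe;</data></root>
XML;

$benign = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<root><data>Valid data</data></root>
XML;

foreach (['xxe payload' => $xxePayload, 'benign document' => $benign] as $label => $input) {
    $dom = parseUntrustedXml($input);
    echo $label, ': ', $dom === null ? 'rejected' : 'accepted, data=' . $dom->getElementsByTagName('data')->item(0)->textContent, PHP_EOL;
}
```

The payload is refused before the parser runs; the benign document parses and its data element can be read normally. Rejected requests are a useful detection signal: logging the rejection (without echoing the payload back to the client) gives the server team a record of XXE probing against the interface.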

Conclusion:

To ensure the security of a Linux server, preventing XXE attacks is essential. By disabling external entities, validating user input, using a whitelist to filter entities and using a secure XML parsing library, we can effectively guard against XXE attacks. For server administrators, measures such as regularly updating the server operating system and applications, monitoring and analysing log files, and setting strong passwords are also essential server security practices. Only by continuously strengthening server security can we effectively protect the data of the website and its users.

References:

OWASP XXE Prevention Guide – https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet

PHP: SimpleXML class – https://www.php.net/manual/zh/class.simplexml_element.php

PHP: DOMDocument class – https://www.php.net/manual/zh/class.domdocument.php

ÒÔÉϾÍÊÇLinuxЧÀÍÆ÷Çå¾²£º¼Ó¹ÌWeb½Ó¿ÚÒÔ×èÖ¹XXE¹¥»÷¡£µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±¹ÙÍøµÇ¼ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ