Z-BLOG Blind-XXE造成任意文件读取

No description provided by source...

Z-BLOG Blind-XXE result in arbitrary file read vulnerability warning-the black bar safety net

Download the latest version of Z-Blog: http://bbs.zblogcn.com/thread-88670-1-1.html /zbsystem/xml-rpc/index.php 6 4 1 row: $zbp-Load; AddFilterPlugin'FilterPluginZbpShowError','RespondError'; $xmlstring = filegetcontents 'php://input' ; //Logs$xmlstring; $xml = simplexmlloadstring$xmlstring; The...