{"type":"rich","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fu3nerd.hatenablog.com%2Fentry%2F2024%2F02%2F01%2F090959\" title=\"XML External Entity injection with error-based data exfiltration \u304b\u3089\u5b66\u3076 - The light of hope to the other side of the tunnel - Kotsu Kotsu To -\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","author_name":"U3nerd","published":"2024-02-01 09:09:59","title":"Learning from XML External Entity injection with error-based data exfiltration","height":"190","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/U/U3nerd/20240201/20240201085745.png","blog_url":"https://u3nerd.hatenablog.com/","provider_name":"Hatena Blog","url":"https://u3nerd.hatenablog.com/entry/2024/02/01/090959","provider_url":"https://hatena.blog","width":"100%","blog_title":"The light of hope to the other side of the tunnel - Kotsu Kotsu To -","description":"Source: infosecwriteups.com Vulnerability: XXE Translation: What is XXE? XML External Entity (XXE) is a security vulnerability that occurs in applications that process XML input. In an XXE attack, an attacker can abuse the application's XML parser to include external entities, which can lead to a variety of malicious actions such as reading local files, initiating server requests, and executing arbitrary code on the server. Left unaddressed, this type of vulnerability can have serious consequences, and it is a major concern in the field of cybersecurity\u2026","version":"1.0","categories":["Bug Report"],"author_url":"https://blog.hatena.ne.jp/U3nerd/"}