商户号:1481984872 ,请帮忙检测验证一下是否已修复,谢谢!
用以上方法验证,解析给定的xml报错,nginx日志也没有打印 "test-xxe-vul"。
错误信息:
java.lang.Exception: org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 10; DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.
Caused by: org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 10; DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.
查询已修复
你好,我们也提示说有漏洞,按文档改了也不行,能麻烦说一下你是怎么处理的吗?我邮件158639131@qq.com