关联漏洞
描述
PoC for CVE-2023-45612
介绍
# ktor-xxe-poc
This is a proof-of-concept reproducing the security problem [CVE-2023-45612](https://nvd.nist.gov/vuln/detail/CVE-2023-45612).
## Versions Used
- Ktor: 2.2.3
- xmlutil: 0.84.3
- Java: 17.0.6
- Gradle: 9.1.0
- Python: 3.13.7
## How to Run
1. Build and run the server:
```bash
./gradlew build
./gradlew run
```
2. Test the XXE payload :
```bash
python test.py
```
The server will run on `http://localhost:8080`
文件快照
[4.0K] /data/pocs/6fd9eff7452f007d1ced75abd9bdc7c7aeb53a28
├── [ 639] build.gradle.kts
├── [4.0K] gradle
│ ├── [ 976] libs.versions.toml
│ └── [4.0K] wrapper
│ ├── [ 43K] gradle-wrapper.jar
│ └── [ 253] gradle-wrapper.properties
├── [ 27] gradle.properties
├── [8.5K] gradlew
├── [2.9K] gradlew.bat
├── [ 429] README.md
├── [ 118] settings.gradle.kts
├── [4.0K] src
│ └── [4.0K] main
│ ├── [4.0K] kotlin
│ │ ├── [ 221] Application.kt
│ │ ├── [ 740] Routing.kt
│ │ └── [ 251] Serialization.kt
│ └── [4.0K] resources
│ ├── [ 122] application.yaml
│ └── [ 425] logback.xml
└── [ 685] test.py
6 directories, 15 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。