关联漏洞
描述
Proof-of-Concept of CVE-2023-45612
介绍
# CVE-2023-45612 Reproduction Steps
### My Versions
- **Java 17**
- **Gradle 8.14.3**
- **Python 3.13.7** (for POC script)
### Steps
```
git clone git@github.com:bbugdigger/ktor-xxe-poc.git
cd ktor-xxe-poc
.\gradlew build
.\gradlew run
```
In new tab with same folder destination run PoC script
```
python .\xxe_poc.py
```
文件快照
[4.0K] /data/pocs/ac65fb282d1f3d08fbea5dc11a516b07ce330965
├── [ 659] build.gradle.kts
├── [4.0K] gradle
│ ├── [1.1K] libs.versions.toml
│ └── [4.0K] wrapper
│ ├── [ 43K] gradle-wrapper.jar
│ └── [ 253] gradle-wrapper.properties
├── [ 27] gradle.properties
├── [8.5K] gradlew
├── [2.8K] gradlew.bat
├── [ 327] README.md
├── [ 17] requirements.txt
├── [ 124] settings.gradle.kts
├── [4.0K] src
│ └── [4.0K] main
│ ├── [4.0K] kotlin
│ │ ├── [ 221] Application.kt
│ │ ├── [3.9K] Routing.kt
│ │ └── [6.7K] Serialization.kt
│ └── [4.0K] resources
│ ├── [ 122] application.yaml
│ └── [ 425] logback.xml
└── [2.0K] xxe_poc.py
6 directories, 16 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。