mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
6 lines
245 B
PHP
6 lines
245 B
PHP
<?php
|
|
// Unsafe: $_GET['xml'] flows into simplexml_load_string with the LIBXML_NOENT
|
|
// flag, enabling external-entity expansion (XXE).
|
|
$xml = $_GET['xml'];
|
|
$doc = simplexml_load_string($xml, "SimpleXMLElement", LIBXML_NOENT);
|
|
echo $doc->title;
|