Changes for page Application_PHP5

Last modified by Nicolas Gregoire on 2012/02/02 17:29

From version 4.1
edited by Nicolas Gregoire
on 2012/01/13 16:34
Change comment: There is no comment for this version
To version 3.1
edited by Nicolas Gregoire
on 2012/01/13 16:28
Change comment: Upload new attachment create-file-via-libxslt.php

Details

Page properties
Content
... ... @@ -2,9 +2,4 @@
2 2  
3 3  
4 4  
5 -== Creating files ==
6 -
7 -Version 5 of the PHP language uses the [[libxslt>>Engine_libxslt]] engine to transform XML documents using XSLT. Prior to version 5.3.9, calls to libxslt were not restricted via xsltSetSecurityPrefs(). It was then possible to create / overwrite files on the engine side, typically for dropping a PHP Web Shell (cf [[Bug #54446>>https://bugs.php.net/bug.php?id=54446||rel="__blank"]]).
8 -
9 -
10 -The attached [[create-file-via-libxslt.php>>attach:create-file-via-libxslt.php]] PoC will drop a basic PHP script in /tmp/.
5 +Version 5 of the PHP language uses the [[libxslt>>Engine_libxslt]] engine to transform XML documents using XSLT. Prior to version 5.3.9, calls to libxslt were not restricted using xsltSetSecurityPrefs(). It was then possible to create / overwrite files on the engine side, typically for dropping a PHP Web Shell (cf [[Bug #54446>>https://bugs.php.net/bug.php?id=54446||rel="__blank"]]).
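Review bot: On the added line 5, the paragraph stands without the "== Creating files ==" heading and without the sentence linking the attached create-file-via-libxslt.php PoC (removed lines 5 and 10), so the attachment named in the change comment is not referenced from the page text on this side of the comparison. Keep the heading and the attachment link next to the paragraph. The paragraph states only that calls to libxslt were unrestricted prior to version 5.3.9; a short sentence telling readers to check that their PHP version is 5.3.9 or later would make the affected range actionable for defenders. Within the paragraph itself the only wording difference is "via" versus "using", which reads fine either way. Note also that the comparison runs from version 4.1 back to 3.1, so the removed lines are the newer text.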