
Version 6.1 by Nicolas Gregoire on 2012/01/13 16:34

Dixit Wikipedia : "PHP is a general-purpose server-side scripting language originally designed for web development to produce dynamic web pages. It is among one of the first developed server-side scripting languages that is embedded into a HTML source document, rather than calling an external file to process data. Ultimately, the code is interpreted by a web server with a PHP processor module which generates the resulting web page."

Creating files

Version 5 of the PHP language uses the libxslt engine to transform XML documents using XSLT. Prior to version 5.3.9, calls to libxslt were not restricted via xsltSetSecurityPrefs(). It was then possible to create / overwrite files on the engine side, typically for dropping a PHP Web Shell (cf Bug #54446).

The attached create-file-via-libxslt.php PoC will drop a basic PHP script in /tmp/.