Changes for page Application_PHP5

Last modified by Nicolas Gregoire on 2012/02/02 17:29
From version Icon 16.1 Icon
edited by Nicolas Gregoire
on 2012/01/16 11:38
Change comment: Upload new attachment php539-xslt.php
To version Icon 17.1 Icon
edited by Nicolas Gregoire
on 2012/01/16 11:39
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -14,7 +14,7 @@
14 14  
15 15  == PoC with crypto ==
16 16  
17 -A better script was later posted on [[OSS-Security>>http://seclists.org/oss-sec/2012/q1/157]] at RedHat request. This PHP script will by default display a pre-filled HTML form including XML data, XSLT code and RC4-encrypted malicious PHP code. When the form is submitted, the user-controlled XML data is transformed using the user-controlled XSLT code. Then, the output of this transformation is displayed in the browser. Meanwhile, the malicious PHP code is decrypted using a static key ("simple_demo") and saved to "/var/www/xxx/backdoor.php".
17 +A better script was later posted on [[OSS-Security>>http://seclists.org/oss-sec/2012/q1/157]] at RedHat request. This PHP script ([[attach:php539-xslt.php]]) will by default display a pre-filled HTML form including XML data, XSLT code and RC4-encrypted malicious PHP code. When the form is submitted, the user-controlled XML data is transformed using the user-controlled XSLT code. Then, the output of this transformation is displayed in the browser. Meanwhile, the malicious PHP code is decrypted using a static key ("simple_demo") and saved to "/var/www/xxx/backdoor.php".
18 18  
19 19  = Executing PHP code =
20 20