Changes for page Application_PHP5

Last modified by Nicolas Gregoire on 2012/02/02 17:29
From version Icon 8.1 Icon
edited by Nicolas Gregoire
on 2012/01/13 17:24
Change comment: Upload new attachment execute-code-via-libxslt.php
To version Icon 9.1 Icon
edited by Nicolas Gregoire
on 2012/01/13 17:29
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -11,6 +11,7 @@
11 11  
12 12  == Executing PHP code ==
13 13  
14 -A call to [[registerPHPFunctions()>>http://php.net/manual/en/xsltprocessor.registerphpfunctions.php]] allows to execute standard PHP functions directly from the XSLT stylesheet.
14 +A call to [[registerPHPFunctions()>>http://php.net/manual/en/xsltprocessor.registerphpfunctions.php]] allows to execute standard PHP functions directly from the XSLT stylesheet. I never came across this pattern in real-life engagements but Google Code search references [[several>>http://www.google.com/codesearch#search/&q=registerPHPFunctions%20lang:%5Ephp$&type=cs||rel="__blank"]] instances of it (dork: "registerPHPFunctions lang:^php$").
15 15  
16 16  
17 +The attached [[execute-code-via-libxslt.php>>attach:execute-code-via-libxslt.php]] PoC will use the passthru() PHP function to execute "uname -a".