Engine_4Suite

Last modified by Nicolas Gregoire on 2012/01/23 12:24

Introduction

4Suite is a Python based XSLT engine by Fourthought Inc.

Supported version

1.0

Command line

$> 4xslt foo.xml foo.xsl

Identification strings

xsl:vendor-urlhttp://4Suite.org
xsl:vendorFourthought Inc.
xsl:version1

Special features

  • File access (read and write)
  • Leak $CWD and paths to binaries 

Reading files

NamespaceExtension functionParametersPoC
http://xmlns.4suite.org/extdoc-as-string()file, encoding4suite-doc-as-string.xsl

This is documented here.

Writing files

NamespaceExtension elementParametersPoC
http://exslt.org/commondocumenthref4suite-exsl-document.xsl

This is documented here.

Information leak

NamespaceExtension functionPoC
http://xmlns.4suite.org/extbin-path()4suite-bin-path.xsl
http://xmlns.4suite.org/extospath2uri()4suite-ospath2uri.xsl
http://xmlns.4suite.org/exturi2ospath()4suite-uri2ospath.xsl