Skip to Content

Engine_4Suite

Last modified by Nicolas Gregoire on 2012/01/23 12:24

Introduction
Supported version
Command line
Identification strings
Special features
Reading files
Writing files
Information leak

Introduction

4Suite is a Python based XSLT engine by Fourthought Inc.

Supported version

1.0

Command line

$> 4xslt foo.xml foo.xsl

Identification strings

xsl:vendor-url	http://4Suite.org
xsl:vendor	Fourthought Inc.
xsl:version	1

Special features

File access (read and write)
Leak $CWD and paths to binaries

Reading files

Namespace	Extension function	Parameters	PoC
http://xmlns.4suite.org/ext	doc-as-string()	file, encoding	4suite-doc-as-string.xsl

This is documented here.

Writing files

Namespace	Extension element	Parameters	PoC
http://exslt.org/common	document	href	4suite-exsl-document.xsl

This is documented here.

Information leak

Namespace	Extension function	PoC
http://xmlns.4suite.org/ext	bin-path()	4suite-bin-path.xsl
http://xmlns.4suite.org/ext	ospath2uri()	4suite-ospath2uri.xsl
http://xmlns.4suite.org/ext	uri2ospath()	4suite-uri2ospath.xsl