XSL PHP
Bookmarked!This exercise covers the exploitation of a PHP application using XSL
In this challenge, we are going to explore Extensible Stylesheet Language (XSL) and its potential to trigger unexpected behaviors in PHP applications that utilize them. XSL is a language used to transform XML documents into other formats such as HTML, XML, or even PDF. By leveraging the syntax
in your XSL, you can manipulate the document object model to read local files.
The PHP XSL processor also allows the execution of native PHP functions if the developer calls registerPHPFunctions()
on the XSLTProcessor()
object, though this feature is disabled by default. In this challenge, you'll focus on using XSL to retrieve local files from the filesystem, such as by using the syntax document('/etc/passwd')
to get the content of /etc/passwd
. The task is to create an XSL file that reads the key from /app/key.txt
and upload it to complete the challenge.