XSL PHP

This exercise covers the exploitation of a PHP application using XSL

PRO
Tier
Medium
< 1 Hr.
228

In this challenge, we are going to explore Extensible Stylesheet Language (XSL) and its potential to trigger unexpected behaviors in PHP applications that use it. XSL is a language used to transform XML documents into other formats such as HTML, XML, or even PDF. By leveraging the syntax in your XSL, you can manipulate the document object model to read local files.

The PHP XSL processor also allows the execution of native PHP functions if the developer calls registerPHPFunctions() on the XSLTProcessor object, though this feature is disabled by default. In this challenge, you'll focus on using XSL to retrieve local files from the filesystem, for example by using the syntax document('/etc/passwd') to get the content of /etc/passwd. The task is to create an XSL file that reads the key from /app/key.txt and upload it to complete the challenge.
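Seen from the application's side, the two features described above can be caught before a stylesheet ever reaches the processor. The following Python pre-check is an added example, not part of the exercise or of PentesterLab's code; it flags document() calls and the PHP function namespace, and goes slightly beyond the text by also flagging xsl:include/xsl:import. The function name, finding labels and sample stylesheets are assumptions constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
PHP_NS = "http://php.net/xsl"  # namespace bound when PHP functions are called from XSL
# document() in any XPath-bearing attribute loads another document by URI/path.
DOCUMENT_CALL = re.compile(r"(?<![\w.-])document\s*\(")
# xsl:include / xsl:import pull in further stylesheets by href.
LOADERS = {f"{{{XSL_NS}}}include", f"{{{XSL_NS}}}import"}


def audit_stylesheet(data: bytes) -> list:
    """Return sorted finding labels for one untrusted stylesheet (empty = none)."""
    findings = set()
    try:
        for event, item in ET.iterparse(io.BytesIO(data), events=("start-ns", "start")):
            if event == "start-ns":
                if item[1] == PHP_NS:  # item is (prefix, uri)
                    findings.add("php-namespace")
            else:
                if item.tag in LOADERS:
                    findings.add("include-or-import")
                # XPath lives in attributes: select, test, match, {value templates}
                if any(DOCUMENT_CALL.search(v) for v in item.attrib.values()):
                    findings.add("document-call")
    except ET.ParseError:
        findings.add("not-well-formed")  # reject rather than guess
    return sorted(findings)


# Constructed sample uploads (hypothetical, not taken from the exercise).
HEAD = b'<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"'
BENIGN = HEAD + b'><xsl:template match="/"><xsl:value-of select="/doc/title"/></xsl:template></xsl:stylesheet>'
FILE_READ = HEAD + b'><xsl:template match="/"><xsl:value-of select="document(\'/etc/passwd\')"/></xsl:template></xsl:stylesheet>'
PHP_FUNCS = HEAD + b' xmlns:php="http://php.net/xsl"><xsl:import href="other.xsl"/></xsl:stylesheet>'

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("file-read", FILE_READ), ("php", PHP_FUNCS)]:
        print(name, audit_stylesheet(sample))
```

A scan like this is a first filter only. The processor itself should also be restricted, for example with XSLTProcessor::setSecurityPrefs() and by leaving registerPHPFunctions() uncalled.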
