Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Jan 2012 19:08:19 +0100
From: Nicolas Grégoire <nicolas.gregoire@...rri.fr>
To: oss-security@...ts.openwall.com
Subject: Re: CVE affected for PHP 5.3.9 ?

Le vendredi 13 janvier 2012 à 09:54 -0700, Kurt Seifried a écrit :
> I'm not clear on how this crosses a security boundary

Some applications *will* process untrusted XSLT stylesheets.

The most basic example is online XSLT gateways :
http://www.shell-tools.net/index.php?op=xslt
http://online-toolz.com/tools/xslt-transformation.php

You may find more with Google and a dork like [inurl:php
inurl:"xsl=http"]. This is often used to adapt the layout of a page to
the browser (desktop vs. mobile).

There's too some more complex cases where untrusted XSLT may be used,
like parsing SVG images, XML-DSig signatures or SAML tokens, ...

Regards,
Nicolas


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.