!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/share/doc/libxslt-1.1.17/html/   drwxr-xr-x
Free 50.89 GB of 127.8 GB (39.82%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     libxslt-security.html (19.53 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
Module security from libxslt
Action against software patentsGnome2 LogoW3C logoRed Hat Logo
Made with Libxslt Logo

The XSLT C library for Gnome

Module security from libxslt

API Menu
Related links
API Indexes

the libxslt security framework allow to restrict the access to new resources (file or URL) from the stylesheet at runtime.

Table of Contents

Enum xsltSecurityOption
Structure xsltSecurityPrefs
struct _xsltSecurityPrefs The content of this structure is not made public by the API.
Typedef xsltSecurityPrefs * xsltSecurityPrefsPtr
int	xsltCheckRead			(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const xmlChar * URL)
int	xsltCheckWrite			(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const xmlChar * URL)
void	xsltFreeSecurityPrefs		(xsltSecurityPrefsPtr sec)
xsltSecurityPrefsPtr	xsltGetDefaultSecurityPrefs	(void)
xsltSecurityCheck	xsltGetSecurityPrefs	(xsltSecurityPrefsPtr sec, 
xsltSecurityOption option)
xsltSecurityPrefsPtr	xsltNewSecurityPrefs	(void)
int	xsltSecurityAllow		(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const char * value)
Function type: xsltSecurityCheck
int	xsltSecurityCheck		(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const char * value)
int	xsltSecurityForbid		(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const char * value)
int	xsltSetCtxtSecurityPrefs	(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt)
void	xsltSetDefaultSecurityPrefs	(xsltSecurityPrefsPtr sec)
int	xsltSetSecurityPrefs		(xsltSecurityPrefsPtr sec, 
xsltSecurityOption option,
xsltSecurityCheck func)

Description

Enum xsltSecurityOption

Enum xsltSecurityOption {
    XSLT_SECPREF_READ_FILE = 1
    XSLT_SECPREF_WRITE_FILE = 2
    XSLT_SECPREF_CREATE_DIRECTORY = 3
    XSLT_SECPREF_READ_NETWORK = 4
    XSLT_SECPREF_WRITE_NETWORK = 5
}

Structure xsltSecurityPrefs

Structure xsltSecurityPrefs
struct _xsltSecurityPrefs { The content of this structure is not made public by the API. }

Function: xsltCheckRead

int	xsltCheckRead			(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const xmlChar * URL)

Check if the resource is allowed to be read

sec:the security options
ctxt:an XSLT transformation context
URL:the resource to be read
Returns:1 if read is allowed, 0 if not and -1 in case or error.

Function: xsltCheckWrite

int	xsltCheckWrite			(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const xmlChar * URL)

Check if the resource is allowed to be written, if necessary makes some preliminary work like creating directories

sec:the security options
ctxt:an XSLT transformation context
URL:the resource to be written
Returns:1 if write is allowed, 0 if not and -1 in case or error.

Function: xsltFreeSecurityPrefs

void	xsltFreeSecurityPrefs		(xsltSecurityPrefsPtr sec)

Free up a security preference block

sec:the security block to free

Function: xsltGetDefaultSecurityPrefs

xsltSecurityPrefsPtr	xsltGetDefaultSecurityPrefs	(void)

Get the default security preference application-wide

Returns:the current xsltSecurityPrefsPtr in use or NULL if none

Function: xsltGetSecurityPrefs

xsltSecurityCheck	xsltGetSecurityPrefs	(xsltSecurityPrefsPtr sec, 
xsltSecurityOption option)

Lookup the security option to get the callback checking function

sec:the security block to update
option:the option to lookup
Returns:NULL if not found, the function otherwise

Function: xsltNewSecurityPrefs

xsltSecurityPrefsPtr	xsltNewSecurityPrefs	(void)

Create a new security preference block

Returns:a pointer to the new block or NULL in case of error

Function: xsltSecurityAllow

int	xsltSecurityAllow		(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const char * value)

Function used to always allow an operation

sec:the security block to use
ctxt:an XSLT transformation context
value:unused
Returns:1 always

Function type: xsltSecurityCheck

Function type: xsltSecurityCheck
int	xsltSecurityCheck		(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const char * value)

User provided function to check the value of a string like a file path or an URL ...

sec:
ctxt:
value:
Returns:

Function: xsltSecurityForbid

int	xsltSecurityForbid		(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt,
const char * value)

Function used to always forbid an operation

sec:the security block to use
ctxt:an XSLT transformation context
value:unused
Returns:0 always

Function: xsltSetCtxtSecurityPrefs

int	xsltSetCtxtSecurityPrefs	(xsltSecurityPrefsPtr sec, 
xsltTransformContextPtr ctxt)

Set the security preference for a specific transformation

sec:the security block to use
ctxt:an XSLT transformation context
Returns:-1 in case of error, 0 otherwise

Function: xsltSetDefaultSecurityPrefs

void	xsltSetDefaultSecurityPrefs	(xsltSecurityPrefsPtr sec)

Set the default security preference application-wide

sec:the security block to use

Function: xsltSetSecurityPrefs

int	xsltSetSecurityPrefs		(xsltSecurityPrefsPtr sec, 
xsltSecurityOption option,
xsltSecurityCheck func)

Update the security option to use the new callback checking function

sec:the security block to update
option:the option to update
func:the user callback to use for this option
Returns:-1 in case of error, 0 otherwise

Daniel Veillard


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0118 ]--