(anonymous) wrote:
To close the topic [1] I finally decided to follow the hints given by Maciej Jaros and Merlissimo and created (since it seems nobody did this already - please correct me if I am wrong)
"XSaLT: XSL/XSLT Simple and Lightweight Tool" [2]
Which is a very, very, very simple Python CGI script that takes a URL (pointing to any XML source document) and an XSLT stylesheet. Both are passed to lxml to transform the XML to a destination document. Any XSLT stylesheet you might need can be added if you send me a mail. [...]
Please consider that very, very, very simple scripts typically have very, very, very bad security protections :-). In this case, all files on the toolserver can be checked for existence; if they are XML files and the attacker can deposit an XSLT file somewhere on the toolserver, they can be read, and accesses to external URLs can be triggered.
Tim
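
One way to close the gaps Tim lists (local file probing through the source URL, caller-supplied stylesheet paths, and file or network access from inside the stylesheet), as an added example that is not XSaLT's code and not part of either message. `STYLESHEET_DIR`, `ALLOWED_STYLESHEETS`, the stylesheet names and the function names are assumptions made for illustration.

```python
# Added example: hardening for a CGI-style XML + XSLT transformer built on lxml.
# All names below are hypothetical; they do not come from the XSaLT script.
from pathlib import Path
from urllib.parse import urlsplit

STYLESHEET_DIR = Path("/srv/xsalt/stylesheets")          # assumed location
ALLOWED_STYLESHEETS = {"rss2html.xsl", "atom2wiki.xsl"}  # constructed names
MAX_BYTES = 2 * 1024 * 1024                              # cap on source size


def check_source_url(url):
    """Accept only absolute http(s) URLs, so file:// URLs and bare local
    paths cannot be used to test which files exist on the server."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("source must be an absolute http(s) URL")
    return url


def resolve_stylesheet(name):
    """Map a short name to a file in the curated directory. A path supplied
    by the caller is never opened, so a deposited XSLT file is unreachable."""
    if name not in ALLOWED_STYLESHEETS:
        raise ValueError("unknown stylesheet")
    return STYLESHEET_DIR / name


def transform(url, stylesheet_name):
    from urllib.request import urlopen
    from lxml import etree  # third-party; imported here so the checks above run without it

    with urlopen(check_source_url(url), timeout=10) as resp:
        data = resp.read(MAX_BYTES + 1)
    if len(data) > MAX_BYTES:
        raise ValueError("source document too large")
    # No DTD loading, no entity substitution, no network fetches while parsing.
    parser = etree.XMLParser(resolve_entities=False, no_network=True,
                             load_dtd=False, huge_tree=False)
    doc = etree.fromstring(data, parser)
    xslt_doc = etree.parse(str(resolve_stylesheet(stylesheet_name)), parser)
    # Deny file and network access requested from inside the stylesheet
    # (for example through document()).
    deny = etree.XSLTAccessControl(read_file=False, write_file=False,
                                   create_dir=False, read_network=False,
                                   write_network=False)
    return str(etree.XSLT(xslt_doc, access_control=deny)(doc))
```

The URL check does not stop requests to internal hosts reachable over http(s); that needs a separate restriction on the resolved address.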