Changes for page Application_Liferay

Last modified by Nicolas Gregoire on 2012/04/19 14:05
From version Icon 13.1 Icon
edited by Nicolas Gregoire
on 2012/01/13 14:15
Change comment: There is no comment for this version
To version Icon 18.1 Icon
edited by Nicolas Gregoire
on 2012/01/13 14:38
Change comment: Upload new attachment liferay-xee.xsl

Summary

Details

Icon Page properties
Tags
... ... @@ -1,0 +1,1 @@
1 +liferay|java|xalan-j|code execution|xee
Content
... ... @@ -12,7 +12,7 @@
12 12  
13 13  
14 14  
15 -Executing commands and reading the output (using the "xalanj-reading-stdout.xsl" script included on the [[Xalan-J>>Engine_Saxon]] page) :
15 +Executing commands and reading the output (using the "xalanj-reading-stdout.xsl" script included on the [[Xalan-J>>Engine_XalanJ]] page) :
16 16  
17 17  [[image:liferay-execute-commands-with-stdout.png||style="display: block; margin-left: auto; margin-right: auto"]]
18 18  
... ... @@ -25,5 +25,4 @@
25 25  * CVE-2011-1502 : allows to read UTF-8 files and to list directories via a XEE (XML External Entity) attack
26 26  
27 27  Reading /etc/passwd using CVE-2011-1502 :
28 -
29 29  [[image:liferay-read-etc-passwd-via-xee.png||style="display: block; margin-left: auto; margin-right: auto"]]
Icon liferay-xee.xsl
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +319 bytes
Content
... ... @@ -1,0 +1,12 @@
1 +<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
2 +<xsl:template match="/doc">
3 + <html><body>
4 + <xsl:for-each select="response">
5 + <h2>File content :</h2>
6 + <xsl:value-of select="file"/>
7 + <hr/>
8 + </xsl:for-each>
9 + </body></html>
10 +</xsl:template>
11 +</xsl:stylesheet>
12 +