Application_MoinMoin

Version 3.1 by Nicolas Gregoire on 2012/01/24 22:08

By default, the 'allow_xslt' configuration option is set to False. If this option is set to True, then "read/write/overwrite arbitrary path/file as the moin process uid/gid" is possible. This is triggered by inserting and then displaying wiki pages containing XSLT code.

This was documented in version 1.9.3:
http://moinmo.in/SecurityFixes
http://hg.moinmo.in/moin/1.9/rev/99e2309a7ec0
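
To audit a deployment for this setting, the following added example (not part of the original page or of MoinMoin itself) parses a wiki configuration file without importing it and reports every 'allow_xslt' assignment. The sample configuration, the function names and the assumption that the file parses with the interpreter running the check are all hypothetical.

```python
import ast

# Constructed sample of a MoinMoin wikiconfig.py (not from a real deployment).
SAMPLE_WIKICONFIG = '''
from MoinMoin.config import multiconfig

class Config(multiconfig.DefaultConfig):
    sitename = u"Internal Wiki"
    # allow_xslt = False
    allow_xslt = True
'''

def find_allow_xslt(source):
    """Return sorted (line, value) pairs for each allow_xslt assignment.

    value is True/False for a literal, or None when the right-hand side
    is computed (variable, function call) and needs manual review.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            # Covers both "allow_xslt = ..." and "Config.allow_xslt = ..."
            name = getattr(target, "id", None) or getattr(target, "attr", None)
            if name != "allow_xslt":
                continue
            try:
                value = bool(ast.literal_eval(node.value))
            except (ValueError, TypeError):
                value = None
            findings.append((node.lineno, value))
    return sorted(findings)

def xslt_enabled(source):
    """Conservative verdict: any assignment that is not a literal false
    value counts as enabled. No assignment means the default (False)."""
    return any(value is not False for _, value in find_allow_xslt(source))

if __name__ == "__main__":
    for line, value in find_allow_xslt(SAMPLE_WIKICONFIG):
        state = {True: "ENABLED", False: "disabled", None: "computed, review"}[value]
        print("line %d: allow_xslt %s" % (line, state))
```

Parsing with ast instead of grepping avoids matching commented-out lines and never executes the configuration being inspected.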

     
