Changes for page Application_MoinMoin

Last modified by Nicolas Gregoire on 2012/01/29 17:56

From version 6.1
edited by Nicolas Gregoire
on 2012/01/24 22:22
Change comment: There is no comment for this version
To version 7.1
edited by Nicolas Gregoire
on 2012/01/24 22:24
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -15,9 +15,8 @@
15 15  
16 16  Using a XML External Entity attack, it is possible to read text files ([[PoC>>attach:XsltReadFile]]).
17 17  
18 -__Note__ : I was unable to abuse the doc-as-string() extension function because of the MoinMoin URL Resolver. I didn't soend much time on it, given that a XEE vulnerability was already found.
18 +__Note__ : I was unable to abuse the doc-as-string() extension function because of the MoinMoin URL Resolver. However, I didn't spend much time on it, given that a XEE vulnerability was already found.
19 19  
20 20  = File creation =
21 21  
22 22  As described on the [[4Suite>>Engine_4Suite]] page, the <exsl:document> extension element allows file creation ([[PoC>>attach:XsltCreateFile]])
23 -
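Review bot: The rewritten note on new line 18 still abbreviates the issue as "XEE", while context line 16 names it "XML External Entity attack"; the usual abbreviation for that class is XXE, so either write "XXE" or repeat the full name so the two lines clearly refer to the same finding. The note also says only that doc-as-string() could not be abused "because of the MoinMoin URL Resolver" without saying what the resolver rejected; one clause on that would let a reader judge whether the function is actually blocked or simply untested, which matters since the author states little time was spent on it. Both revisions carry the default "There is no comment for this version"; a short change comment such as "typo fix in XSLT note" would make the history easier to scan.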