Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35

From version 27.1
edited by Nicolas Gregoire
on 2012/01/11 22:31
Change comment: Upload new attachment xalanj-checkenv-output.txt
To version 35.1
edited by Nicolas Gregoire
on 2012/01/11 23:21
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -22,19 +22,32 @@
22 22  * File creation
23 23  * Code execution
24 24  * JDBC connectivity
25 -* Java properties
26 -* CheckEnv()
25 +* Java properties disclosure
26 +* Java environment disclosure
27 27  
28 -== CheckEnv() ==
28 +== Java properties disclosure ==
29 29  
30 -The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]), associated to the Xalan namespace, will display some information about the execution context. The output of the PoC is attached.
30 +The xsl:system-property() standard function can be called with non standard arguments, mapped to Java properties.
31 31  
32 +|=Namespace|=Extension function|=PoC|=Sample output
33 +|http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]]
34 +
35 +== Java environment disclosure ==
36 +
37 +The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]) will display some information about the execution context (packages, paths, versions, ...).
38 +
39 +|=Namespace|=Extension function|=PoC|=Sample output
40 +|http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]]
41 +
32 32  == Java code execution ==
33 33  
34 -The following code will display the current date :
44 +The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.
35 35  
36 -TODO
37 37  
47 +|=Namespace|=Extension function|=PoC|=Sample output
48 +|http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date:
49 +Wed Jan 11 22:45:07 CET 2012
50 +
38 38  == Execution of external commands ==
39 39  
40 40  The following code will execute the command "touch /tmp/hello" :
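
Review bot: The table added under "== Java properties disclosure ==" (new lines 32-33) is a copy of the one under "== Java environment disclosure ==". Its row lists checkEnvironment() in the http://xml.apache.org/xalan namespace with xalanj-checkenv.xsl and xalanj-checkenv-output.txt, while the paragraph above it is about system-property() called with arguments mapped to Java properties. Replace that row with a PoC and sample output for the property lookup, or drop the table until one is attached, so a reader does not take the checkEnvironment() output as evidence of property disclosure. In the same paragraph, the standard XSLT function is system-property() without the xsl: prefix (the prefix belongs to the standard argument names such as xsl:version), and "non standard" should read "non-standard". Removing the TODO at old line 36 also leaves two consecutive blank lines before the new table in "== Java code execution ==".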