Changes for page Engine_XalanJ
on 2012/01/11 22:54
on 2012/01/11 22:27
Summary
-
Page properties (1 modified, 0 added, 0 removed)
-
Attachments (0 modified, 0 added, 1 removed)
Details
- Page properties
-
- Content
-
... ... @@ -22,24 +22,53 @@ 22 22 * File creation 23 23 * Code execution 24 24 * JDBC connectivity 25 -* Java properties disclosure26 -* Javaenvironment disclosure25 +* Java properties 26 +* CheckEnv() 27 27 28 -== Javaenvironmentdisclosure==28 +== CheckEnv() == 29 29 30 -The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]) will display some information about the execution context (packages, paths, versions,...).30 +The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]), associated to the Xalan namespace, will display some information about the execution context. 31 31 32 -|=Namespace|=Extension function|=PoC|=Sample output 33 -|http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]] 32 +=== Output === 34 34 35 - ==Java code execution=34 +<?xml version="1.0" encoding="UTF-8"?> 36 36 37 -The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution. 36 +<checkEnvironmentExtension> 37 + <EnvironmentCheck version="$Revision$"> 38 + <environment> 39 + <item key="version.DOM.draftlevel">2.0fd</item> 40 + <item key="java.class.path">/usr/share/java/xalan2.jar:/usr/share/java/xml-apis.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/serializer.jar:/usr/share/java/xsltc.jar</item> 41 + <item key="version.JAXP">1.1 or higher</item> 42 + <item key="java.ext.dirs">/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/ext:/usr/java/packages/lib/ext</item> 43 + <item key="version.xerces2">Xerces-J 2.9.1</item> 44 + <item key="version.xerces1">not-present</item> 45 + <item key="version.xalan2_2">Xalan Java 2.7.1</item> 46 + <item key="version.xalan1">not-present</item> 47 + <item key="version.ant">not-present</item> 48 + <item key="java.version">1.6.0_26</item> 49 + <item key="version.DOM">2.0</item> 50 + <item key="version.crimson">not-present</item> 51 + <item key="sun.boot.class.path">/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/resources.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/rt.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jsse.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jce.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/charsets.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/classes</item> 52 + <foundJar desc="apis.jar-apparent.version" name="xml">xml-apis.jar present-unknown-version</foundJar> 53 + <foundJar desc="apis.jar-path" name="xml">/usr/share/java/xml-apis.jar</foundJar> 54 + <foundJar desc="apparent.version" name="xercesImpl.jar">xercesImpl.jar WARNING.present-unknown-version</foundJar> 55 + <foundJar desc="path" name="xercesImpl.jar">/usr/share/java/xercesImpl.jar</foundJar> 56 + <foundJar desc="apparent.version" name="serializer.jar">serializer.jar present-unknown-version</foundJar> 57 + <foundJar desc="path" name="serializer.jar">/usr/share/java/serializer.jar</foundJar> 58 + <foundJar desc="apparent.version" name="xsltc.jar">xsltc.jar present-unknown-version</foundJar> 59 + <foundJar desc="path" name="xsltc.jar">/usr/share/java/xsltc.jar</foundJar> 60 + <item key="version.SAX">2.0</item> 61 + <item key="version.xalan2x">Xalan Java 2.7.1</item> 62 + </environment> 63 + <status result="OK"/> 64 + </EnvironmentCheck> 65 +</checkEnvironmentExtension> 38 38 67 +== Java code execution == 39 39 40 -|=Namespace|=Extension function|=PoC|=Sample output 41 -|http:~/~/xml.apache.org/xalan/java/java.util.Date|new|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date: Wed Jan 11 22:45:07 CET 2012 69 +The following code will display the current date : 42 42 71 +TODO 43 43 44 44 == Execution of external commands == 45 45
- xalanj-checkenv-output.txt
-
- Author
-
... ... @@ -1,1 +1,0 @@ 1 -xwiki:XWiki.NicolasGregoire - Size
-
... ... @@ -1,1 +1,0 @@ 1 -2.5 KB - Content
-
... ... @@ -1,31 +1,0 @@ 1 -<?xml version="1.0" encoding="UTF-8"?><checkEnvironmentExtension> 2 - <EnvironmentCheck version="$Revision$"> 3 - <environment> 4 - <item key="version.DOM.draftlevel">2.0fd</item> 5 - <item key="java.class.path">/usr/share/java/xalan2.jar:/usr/share/java/xml-apis.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/serializer.jar:/usr/share/java/xsltc.jar</item> 6 - <item key="version.JAXP">1.1 or higher</item> 7 - <item key="java.ext.dirs">/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/ext:/usr/java/packages/lib/ext</item> 8 - <item key="version.xerces2">Xerces-J 2.9.1</item> 9 - <item key="version.xerces1">not-present</item> 10 - <item key="version.xalan2_2">Xalan Java 2.7.1</item> 11 - <item key="version.xalan1">not-present</item> 12 - <item key="version.ant">not-present</item> 13 - <item key="java.version">1.6.0_26</item> 14 - <item key="version.DOM">2.0</item> 15 - <item key="version.crimson">not-present</item> 16 - <item key="sun.boot.class.path">/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/resources.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/rt.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jsse.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jce.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/charsets.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/classes</item> 17 - <foundJar desc="apis.jar-apparent.version" name="xml">xml-apis.jar present-unknown-version</foundJar> 18 - <foundJar desc="apis.jar-path" name="xml">/usr/share/java/xml-apis.jar</foundJar> 19 - <foundJar desc="apparent.version" name="xercesImpl.jar">xercesImpl.jar WARNING.present-unknown-version</foundJar> 20 - <foundJar desc="path" name="xercesImpl.jar">/usr/share/java/xercesImpl.jar</foundJar> 21 - <foundJar desc="apparent.version" name="serializer.jar">serializer.jar present-unknown-version</foundJar> 22 - <foundJar desc="path" name="serializer.jar">/usr/share/java/serializer.jar</foundJar> 23 - <foundJar desc="apparent.version" name="xsltc.jar">xsltc.jar present-unknown-version</foundJar> 24 - <foundJar desc="path" name="xsltc.jar">/usr/share/java/xsltc.jar</foundJar> 25 - <item key="version.SAX">2.0</item> 26 - <item key="version.xalan2x">Xalan Java 2.7.1</item> 27 - </environment> 28 - <status result="OK"/> 29 - </EnvironmentCheck> 30 -</checkEnvironmentExtension> 31 -