Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35
From version Icon 39.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:28
Change comment: There is no comment for this version
To version Icon 44.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:31
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -22,7 +22,7 @@
22 22  * Java properties disclosure
23 23  * Java environment disclosure
24 24  * Java code execution
25 -* Arbitrary command execution
25 +* OS command execution
26 26  * File creation
27 27  * JDBC connectivity
28 28  
... ... @@ -44,12 +44,11 @@
44 44  
45 45  The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.
46 46  
47 -
48 48  |=Namespace|=Extension function|=PoC|=Sample output
49 49  |http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date:
50 50  Wed Jan 11 22:45:07 CET 2012
51 51  
52 -== Execution of external commands ==
51 +== OS command execution ==
53 53  
54 54  The following code will execute the command "touch /tmp/hello" :
55 55