Changes for page Engine_XalanJ

Summary

• Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

...	...	@@ -19,12 +19,11 @@
19	19
20	20	== Special features ==
21	21
22		-* Java properties disclosure
23		-* Java environment disclosure
24		-* Java code execution
25		-* Arbitrary command execution
26	26	* File creation
	23	+* Code execution
27	27	* JDBC connectivity
	25	+* Java properties disclosure
	26	+* Java environment disclosure
28	28
29	29	== Java properties disclosure ==
30	30
...	...	@@ -33,9 +33,11 @@
33	33	|=Namespace|=Function|=PoC|=Sample output
34	34	|http:~/~/www.w3.org/1999/XSL/Transform|system-property()|[[xalanj-java-properties.xsl>>attach:xalanj-java-properties.xsl]]|[[xalanj-java-properties-output.txt>>attach:xalanj-java-properties-output.txt]]
35	35
	35	+
	36	+
36	36	== Java environment disclosure ==
37	37
38		-The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]) will display some information about the execution context (including available packages, paths, versions, ...).
	39	+The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]) will display some information about the execution context (packages, paths, versions, ...).
39	39
40	40	|=Namespace|=Extension function|=PoC|=Sample output
41	41	|http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]]
...	...	@@ -44,6 +44,7 @@
44	44
45	45	The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.
46	46
	48	+
47	47	|=Namespace|=Extension function|=PoC|=Sample output
48	48	|http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date:
49	49	Wed Jan 11 22:45:07 CET 2012