Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35
From version Icon 44.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:31
Change comment: There is no comment for this version
To version Icon 40.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:29
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -22,7 +22,7 @@
22 22  * Java properties disclosure
23 23  * Java environment disclosure
24 24  * Java code execution
25 -* OS command execution
25 +* Arbitrary command execution
26 26  * File creation
27 27  * JDBC connectivity
28 28  
... ... @@ -44,11 +44,12 @@
44 44  
45 45  The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.
46 46  
47 +
47 47  |=Namespace|=Extension function|=PoC|=Sample output
48 48  |http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date:
49 49  Wed Jan 11 22:45:07 CET 2012
50 50  
51 -== OS command execution ==
52 +== Execution of external commands ==
52 52  
53 53  The following code will execute the command "touch /tmp/hello" :
54 54