Changes for page Engine_XalanJ

Summary

• Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

...	...	@@ -59,7 +59,7 @@
59	59
60	60	== File creation ==
61	61
62		-The "write" extension element allows to create files on the engine side. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten.
	62	+The write extension element allows to create files on the engine side. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten.
63	63
64	64	|=Namespace|=Extension element|=Parameter|=PoC
65	65	|http:~/~/xml.apache.org/xalan/redirect|write|file|[[xalanj-write.xsl>>attach:xalanj-write.xsl]]
...	...	@@ -66,9 +66,4 @@
66	66
67	67	== JDBC connectivity ==
68	68
69		-It is possible to use XSLT to connect to any database having a corresponding installed JDBC driver.
70		-
71		-|=Namespace|=Extension function|=PoC
72		-|org.apache.xalan.lib.sql.XConnection|new(), query() and close()|[[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]]
73		-
74		-The [[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]] PoC simply connects to a local MySQL database using some hard-coded credentials, executes a query and displays the result. The [[xalanj-jdbc-bruteforce.xsl>>attach:xalanj-jdbc-bruteforce.xsl]] one will read some tuples (JDBC driver, database URL, username, passsword) in a XML file ([[xalanj-jdbc-bruteforce.xml>>attach:xalanj-jdbc-bruteforce.xml]]) and try to login with each one, effectively brute-forcing credentials from the engine side (usually on the backend ;-).
	69	+xxx TODO xxx