Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35

From version

edited by Nicolas Gregoire
on 2012/01/12 22:08

Change comment: There is no comment for this version

To version

edited by Nicolas Gregoire
on 2012/01/12 00:14

Change comment: There is no comment for this version

Summary

Page properties

Content

@@ -66,23 +66,4 @@
  == JDBC connectivity ==
--It is possible to use XSLT to connect to any database having a corresponding installed JDBC driver. The [[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]] PoC simply connects to a local MySQL database using some hard-coded credentials, executes a query and displays the result.
--
--|=Namespace|=Extension function|=PoC
--|org.apache.xalan.lib.sql.XConnection|new(), query() and close()|[[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]]
--
--=== Brute-force ===
--
--The [[xalanj-jdbc-bruteforce.xsl>>attach:xalanj-jdbc-bruteforce.xsl]] file will read some tuples (JDBC driver, database URL, username, passsword) from a XML file ([[xalanj-jdbc-bruteforce.xml>>attach:xalanj-jdbc-bruteforce.xml]]) and try to login with each one, effectively brute-forcing credentials from the engine side (usually on the backend ;-).
--
--Here's the output when launched from the CLI :
--$> java org.apache.xalan.xslt.Process -in xalanj-jdbc-bruteforce.xml -xsl xalanj-jdbc-bruteforce.xsl 2> /dev/null
--Username : [root] / Password : [] :
--Username : [root] / Password : [uberpasswd] :
--Username : [root] / Password : [cnam] : OK !!
--Username : [pma] / Password : [pma] :
--
--
--
--
--
++xxx TODO xxx