Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35
From version Icon 59.1 Icon
edited by Nicolas Gregoire
on 2012/01/12 21:53
Change comment: There is no comment for this version
To version Icon 60.1 Icon
edited by Nicolas Gregoire
on 2012/01/12 22:08
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -66,9 +66,23 @@
66 66  
67 67  == JDBC connectivity ==
68 68  
69 -It is possible to use XSLT to connect to any database having a corresponding installed JDBC driver.
69 +It is possible to use XSLT to connect to any database having a corresponding installed JDBC driver. The [[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]] PoC simply connects to a local MySQL database using some hard-coded credentials, executes a query and displays the result.
70 70  
71 71  |=Namespace|=Extension function|=PoC
72 72  |org.apache.xalan.lib.sql.XConnection|new(), query() and close()|[[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]]
73 73  
74 -The [[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]] PoC simply connects to a local MySQL database using some hard-coded credentials, executes a query and displays the result. The [[xalanj-jdbc-bruteforce.xsl>>attach:xalanj-jdbc-bruteforce.xsl]] one will read some tuples (JDBC driver, database URL, username, passsword) in a XML file ([[xalanj-jdbc-bruteforce.xml>>attach:xalanj-jdbc-bruteforce.xml]]) and try to login with each one, effectively brute-forcing credentials from the engine side (usually on the backend ;-).
74 +=== Brute-force ===
75 +
76 +The [[xalanj-jdbc-bruteforce.xsl>>attach:xalanj-jdbc-bruteforce.xsl]] file will read some tuples (JDBC driver, database URL, username, passsword) from a XML file ([[xalanj-jdbc-bruteforce.xml>>attach:xalanj-jdbc-bruteforce.xml]]) and try to login with each one, effectively brute-forcing credentials from the engine side (usually on the backend ;-).
77 +
78 +Here's the output when launched from the CLI :
79 +$> java org.apache.xalan.xslt.Process -in xalanj-jdbc-bruteforce.xml -xsl xalanj-jdbc-bruteforce.xsl 2> /dev/null
80 +Username : [root] / Password : [] :
81 +Username : [root] / Password : [uberpasswd] :
82 +Username : [root] / Password : [cnam] : OK !!
83 +Username : [pma] / Password : [pma] :
84 +
85 +
86 +
87 +
88 +