[XSL-LIST Mailing List Archive Home] [By Thread] [By Date]

Re: [xsl] XSL Injection, is it possible?

Subject: Re: [xsl] XSL Injection, is it possible?
From: "M. David Peterson" <m.david@xxxxxxxxxx>
Date: Tue, 30 May 2006 00:57:34 -0600

oh, why does this sound somewhat familiar to me <

:D Thanks for giving reason for me to laugh, Dimitre :D I love the subtleness :D

On Mon, 29 May 2006 19:34:23 -0600, Dimitre Novatchev <dnovatchev@xxxxxxxxx> wrote:

There are some applications that allow the end user to enter an XPath
expression (oh, why does this sound somewhat familiar to me :o)    ),
and the possibility for *XPath Injection* is a very real one.

Even if the user is only expected to enter an element name, if the
input is not checked, it may contain an injected XPath expression.

Search for "xpath injection".

Current Thread

[xsl] XSL Injection, is it possible?
- G. T. Stresen-Reuter - 29 May 2006 11:37:18 -0000
  - David Carlisle - 29 May 2006 22:55:06 -0000
    - G. T. Stresen-Reuter - 30 May 2006 11:57:02 -0000
  - Dimitre Novatchev - 30 May 2006 01:34:43 -0000
    - M. David Peterson - 30 May 2006 06:57:49 -0000 <=
    - G. T. Stresen-Reuter - 30 May 2006 12:17:36 -0000
      - Dimitre Novatchev - 30 May 2006 16:14:08 -0000
      - G. T. Stresen-Reuter - 30 May 2006 18:27:26 -0000
      - Dimitre Novatchev - 30 May 2006 19:13:24 -0000

<- Previous	Index	Next ->
Re: [xsl] XSL Injection, is it poss, Dimitre Novatchev	Thread	Re: [xsl] XSL Injection, is it poss, G. T. Stresen-Reuter
Re: [xsl] XSL Injection, is it poss, Dimitre Novatchev	Date	[xsl] Problem involving position() , Pankaj Bishnoi
	Month

© 2002-2008 SyncRO Soft Ltd. All rights reserved.
                                             | Sitemap | Privacy Policy 
 This website was created & generated with
                                             <oXygen/> XML Editor


	Keywords xpath