0x22bb/hacktricks
1
2
Fork 0
mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00
Code Releases Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2020-09-04 16:48:26 +00:00 committed by gitbook-bot
parent 2dd6d8ff0e
commit 87e77dac9f
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md
View file

@ -5,6 +5,8 @@ The transformation can be done in the server or in the browser\).
The most used frameworks are: **Libxslt** \(Gnome\), **Xalan** \(Apache\) and **Saxon** \(Saxonica\).
In order to exploit this kind of vulnerability you need to be able to store xsl tags in the server side and then access that content. An example of this kind of vulnerability can be found on [https://www.gosecure.net/blog/2019/05/02/esi-injection-part-2-abusing-specific-implementations/](https://www.gosecure.net/blog/2019/05/02/esi-injection-part-2-abusing-specific-implementations/)
## Fingerprint
Upload this and take information