[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: insecure xslt
bryan rasmussen wrote:
http://metasploit.com/research/vulns/google_proxystylesheet/ I wish we could discuss the google search appliance's XSL other than generalities. I think it [expletive deleted]. The XML is fine, though not very descriptive. I don't understand why such a simple thing needs to be secret. (Maybe because it is lame?) (Can I be sued for these statements?) What I do (and it eliminates the bug) is use a servlet filter to get the form submission, form a query to submit to the appliance and get the results backs as XML to do with what I may. best, -Rob
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|