PRODUCTS

DOWNLOAD

BUY

LEARN

SUPPORT

COMPANY

Cart

[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] XSL Injection, is it possible? Play the video Subject: XSL Injection, is it possible? From: "G. T. Stresen-Reuter" <tedmasterweb@xxxxxxx> Date: Mon, 29 May 2006 12:36:39 +0100 Hi, I have a web-based CMS in which all the data is stored in an XML file. I use XSL extensively. I take user input and insert it into the XML file in several different places. Currently my sanitizing function just escapes <, >, ', and " in the input but I was wondering if anyone knows of other vectors by which attackers can enter. Are these characters recognized by the XSLT engine if they are hex or unicode encoded? Thanks in advance and I hope this hasn't been covered elsewhere (I haven't been able to find anything on it). Ted Stresen-Reuter Current Thread XSL Injection, is it possible? G. T. Stresen-Reuter - 29 May 2006 11:37:18 -0000 <= David Carlisle - 29 May 2006 22:55:06 -0000 Dimitre Novatchev - 30 May 2006 01:34:43 -0000 <- Previous Index Next -> RE: Positional Grouping probl, Florent Georges Thread Re: XSL Injection, is it poss, David Carlisle RE: Positional Grouping probl, Florent Georges Date Re: XSL Injection, is it poss, David Carlisle Month

PURCHASE STYLUS STUDIO ONLINE TODAY! Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE! Accelerate XML development with our award-winning XML IDE - Download a free trial today! Don't miss another message! Subscribe to this list today. Email First Name Last Name Company Subscribe in XML format RSS 2.0 Atom 0.3

Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.