xsl-list
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

insecure xslt

2005-11-23 14:57:52
from [bryan rasmussen] [Permanent Link] 
http://metasploit.com/research/vulns/google_proxystylesheet/

A security hole in the google search appliance is xslt  based,
basically from what I've seen of the appliance this is something that
an administrator should be able to fix themselves. But if one can't go
through all the configuration possibilities there is a patch.

I was not aware that the stylesheet engine was oracle based as is
indicated here though, one of the things that I had assumed from talks
with google support was that theirs was not a complete xslt 1.0
implementation - based on my asking for document function support and
being told that it supported all the functions that it needed to do
its job - which sounded like a no to me.

--~------------------------------------------------------------------
XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/
or e-mail: <mailto:xsl-list-unsubscribe(_at_)lists(_dot_)mulberrytech(_dot_)com>
--~--
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  XSLT test suite [was Re: [xsl] second implementation of XSLT 2.0?], Frans Englich
Next by Date:  RE: XSLT test suite [was Re: [xsl] second implementation of XSLT 2.0?], Michael Kay
Previous by Thread:  XSLT test suite [was Re: [xsl] second implementation of XSLT 2.0?], Frans Englich
Next by Thread:  Re: insecure xslt, Robert Koberg
Indexes:  [Date] [Thread] [Top] [All Lists]