xsl-list
[Top] [All Lists]

Re: [xsl] XSL Injection, is it possible?

2006-05-29 23:57:49
 oh, why does this sound somewhat familiar to me  <

:D Thanks for giving reason for me to laugh, Dimitre :D I love the subtleness :D

On Mon, 29 May 2006 19:34:23 -0600, Dimitre Novatchev <dnovatchev(_at_)gmail(_dot_)com> wrote:

There are some applications that allow the end user to enter an XPath
expression (oh, why does this sound somewhat familiar to me :o)    ),
and the possibility for *XPath Injection* is a very real one.

Even if the user is only expected to enter an element name, if the
input is not checked, it may contain an injected XPath expression.

Search for "xpath injection".

--~------------------------------------------------------------------
XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
To unsubscribe, go to: http://lists.mulberrytech.com/xsl-list/
or e-mail: <mailto:xsl-list-unsubscribe(_at_)lists(_dot_)mulberrytech(_dot_)com>
--~--

<Prev in Thread] Current Thread [Next in Thread>