Subject: Re: [xsl] XSL Injection, is it possible?
From: "M. David Peterson" <m.david@xxxxxxxxxx>
Date: Tue, 30 May 2006 00:57:34 -0600

oh, why does this sound somewhat familiar to me <
There are some applications that allow the end user to enter an XPath expression (oh, why does this sound somewhat familiar to me :o) ), and the possibility for *XPath Injection* is a very real one.
Even if the user is only expected to enter an element name, if the input is not checked, it may contain an injected XPath expression.
Search for "xpath injection".
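
As an added illustration (not part of the original post), the Python sketch below shows the case described above, where a value expected to be an element name is spliced into a path expression, beside a version that checks it first. The sample document, the field names and both helper functions are constructed for this example; it uses the XPath subset in Python's standard `xml.etree.ElementTree`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample document (not from the thread).
DOC = ET.fromstring(
    "<users>"
    "<user><name>alice</name><email>alice@example.test</email>"
    "<pwhash>CONSTRUCTED-HASH-1</pwhash></user>"
    "<user><name>bob</name><email>bob@example.test</email>"
    "<pwhash>CONSTRUCTED-HASH-2</pwhash></user>"
    "</users>"
)

# Element names the application means to expose (assumption for this example).
ALLOWED_FIELDS = {"name", "email"}

# Conservative ASCII subset of an XML element name: no '/', '*', '[', '|',
# no leading '.', so path operators cannot appear in the value.
PLAIN_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")


def select_unchecked(field):
    """Unchecked: the user's string becomes part of the path expression."""
    return [e.text for e in DOC.findall(f"./user/{field}")]


def select_checked(field):
    """Checked: accept only a plain element name that is on the allow-list."""
    if not PLAIN_NAME.fullmatch(field) or field not in ALLOWED_FIELDS:
        raise ValueError(f"rejected field name: {field!r}")
    return [e.text for e in DOC.findall(f"./user/{field}")]


if __name__ == "__main__":
    print(select_unchecked("name"))   # intended use
    print(select_unchecked("*"))      # expression instead of a name
    for value in ("email", "*", "name/../pwhash", "pwhash"):
        try:
            print(value, "->", select_checked(value))
        except ValueError as exc:
            print(value, "->", exc)
```

The syntax check alone is not enough here: `pwhash` is a well-formed element name, so the allow-list is what keeps it out.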