Re: [xsl] XSL Injection, is it possible?

Subject: Re: [xsl] XSL Injection, is it possible?
From: "M. David Peterson" <m.david@xxxxxxxxxx>
Date: Tue, 30 May 2006 00:57:34 -0600
oh, why does this sound somewhat familiar to me <

:D Thanks for giving reason for me to laugh, Dimitre :D I love the subtleness :D


On Mon, 29 May 2006 19:34:23 -0600, Dimitre Novatchev <dnovatchev@xxxxxxxxx> wrote:

There are some applications that allow the end user to enter an XPath
expression (oh, why does this sound somewhat familiar to me :o)    ),
and the possibility for *XPath Injection* is a very real one.

Even if the user is only expected to enter an element name, if the
input is not checked, it may contain an injected XPath expression.

Search for "xpath injection".

Current Thread