Normalize page header for Web Socket, XSLT, XSS, XXE

2025-12-12 15:49:38 -08:00 · 2024-11-10 21:15:44 +01:00
parent 48a4e5c95b
commit 0a5ecc407c
9 changed files with 94 additions and 34 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@@ -2,11 +2,11 @@

 > Processing an un-validated XSL stylesheet can allow an attacker to change the structure and contents of the resultant XML, include arbitrary files from the file system, or execute arbitrary code

+
 ## Summary

- [Summary](#summary)
 - [Tools](#tools)
- [Exploit](#exploit)
+- [Methodology](#methodology)
    - [Determine the vendor and version](#determine-the-vendor-and-version)
    - [External Entity](#external-entity)
    - [Read files and SSRF using document](#read-files-and-ssrf-using-document)
@@ -14,11 +14,18 @@
    - [Remote Code Execution with PHP wrapper](#remote-code-execution-with-php-wrapper)
    - [Remote Code Execution with Java](#remote-code-execution-with-java)
    - [Remote Code Execution with Native .NET](#remote-code-execution-with-native-net)
+- [Labs](#labs)
 - [References](#references)

+
 ## Tools

-## Exploit
+No known tools currently exist to assist with XSLT exploitation.
+
+* [TODO](#)
+
+
+## Methodology

 ### Determine the vendor and version

@@ -238,6 +245,11 @@ return proc.StandardOutput.ReadToEnd();
 ```


+## Labs
+
+- [Root Me - XSLT - Code execution](https://www.root-me.org/en/Challenges/Web-Server/XSLT-Code-execution)
+
+
 ## References

 - [From XSLT code execution to Meterpreter shells - Nicolas Grégoire (@agarri) - July 2, 2012](https://www.agarri.fr/blog/archives/2012/07/02/from_xslt_code_execution_to_meterpreter_shells/index.html)