Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Rule : XSLT processing detection #168

Closed
2 tasks done
h3xstream opened this issue Jan 21, 2016 · 0 comments
Closed
2 tasks done

New Rule : XSLT processing detection #168

h3xstream opened this issue Jan 21, 2016 · 0 comments
Labels
enhancement New feature or improvement to existing detector.
Milestone
version-1.4.6

Comments

@h3xstream
Copy link
Member

h3xstream commented Jan 21, 2016
edited
Loading

Simple rule to detect XLST apis usage.

  • Java Stantard API
  • XSLT taglib

Example of real-life vulnerability to link:
http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html
@h3xstream h3xstream added the enhancement New feature or improvement to existing detector. label Jan 21, 2016
@h3xstream h3xstream added this to the version-1.4.6 milestone Jan 21, 2016
h3xstream added a commit that referenced this issue May 11, 2016
@h3xstream
XSLT detector started #168
372cb23
h3xstream added a commit that referenced this issue May 11, 2016
@h3xstream
Introduce a new detector to detect deserialization gadget. #189
a613973 
Update the descriptions #168
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or improvement to existing detector.
Projects
None yet
Milestone
version-1.4.6
Development

No branches or pull requests
1 participant
@h3xstream