This is the mail archive of the
xsl-list@mulberrytech.com
mailing list .
xsl as a hacker's tool
- From: "Bryan Rasmussen" <bry at itnisk dot com>
- To: <xsl-list at lists dot mulberrytech dot com>
- Date: Fri, 12 Apr 2002 14:59:53 +0200
- Subject: [xsl] xsl as a hacker's tool
- Keywords: xsltDEV
- Reply-to: xsl-list at lists dot mulberrytech dot com
anyone read this?
http://www.theregister.co.uk/content/4/24815.html
it says that win-xp on executing a search downloads the following xsls
transform.xsl
balloon.xsl
prevectr.xsl
vector.xsl
boolean.xsl
pretrans.xsl
transform.xsl
why transform is repeated no idea, since I don't have XP can someone who
does send me these or post them or would this be illegal in our present day
world. I'm not gonna do this but it strikes me that bad people could maybe
write an exploit, manage to point the search at their own address instead of
http://sa.windows.com/ and then downloading their own xsls, these xsls would
hold ms namespace extensions and Oh boy!
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list