This is the mail archive of the xsl-list@mulberrytech.com mailing list .

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

xsl as a hacker's tool

From: "Bryan Rasmussen" <bry at itnisk dot com>
To: <xsl-list at lists dot mulberrytech dot com>
Date: Fri, 12 Apr 2002 14:59:53 +0200
Subject: [xsl] xsl as a hacker's tool
Keywords: xsltDEV
Reply-to: xsl-list at lists dot mulberrytech dot com


anyone read this?
http://www.theregister.co.uk/content/4/24815.html

it says that win-xp on executing a search downloads the following xsls

transform.xsl
balloon.xsl
prevectr.xsl
vector.xsl
boolean.xsl
pretrans.xsl
transform.xsl

why transform is repeated no idea, since I don't have XP can someone who
does send me these or post them or would this be illegal in our present day
world. I'm not gonna do this but it strikes me that bad people could maybe
write an exploit, manage to point the search at their own address instead of
http://sa.windows.com/ and then downloading their own xsls, these xsls would
hold ms namespace extensions and Oh boy!


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list

Follow-Ups:
- Re: xsl as a hacker's tool
  - From: Colin Findlay

References:
- Re: combine xml files
  - From: Thomas B. Passin

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]