This is the mail archive of the
xsl-list@mulberrytech.com
mailing list .
Re: xsl as a hacker's tool
- From: "Colin Findlay" <colin at dijit dot net>
- To: <xsl-list at lists dot mulberrytech dot com>
- Date: Fri, 12 Apr 2002 15:23:02 +0100
- Subject: Re: [xsl] xsl as a hacker's tool
- References: <DCEPIHHFOCEMDBGBKIOPCEGGCGAA.bry@itnisk.com>
- Reply-to: xsl-list at lists dot mulberrytech dot com
Why not just download them??
http://sa.windows.com/transform.xsl
Col.
----- Original Message -----
From: "Bryan Rasmussen" <bry@itnisk.com>
To: <xsl-list@lists.mulberrytech.com>
Sent: Friday, April 12, 2002 1:59 PM
Subject: [xsl] xsl as a hacker's tool
>
> anyone read this?
> http://www.theregister.co.uk/content/4/24815.html
>
> it says that win-xp on executing a search downloads the following xsls
>
> transform.xsl
> balloon.xsl
> prevectr.xsl
> vector.xsl
> boolean.xsl
> pretrans.xsl
> transform.xsl
>
> why transform is repeated no idea, since I don't have XP can someone who
> does send me these or post them or would this be illegal in our present
day
> world. I'm not gonna do this but it strikes me that bad people could maybe
> write an exploit, manage to point the search at their own address instead
of
> http://sa.windows.com/ and then downloading their own xsls, these xsls
would
> hold ms namespace extensions and Oh boy!
>
>
> XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list