Open fproulx-boostsecurity opened 3 months ago
Description of the LOTP tool
xsltproc makes old-school XXE hard (if not impossible?) because of URI constraints, but the supported exsl:document extension (exslt.github.io/exsl/elements/document/index.html) provides an arbitrary write primitive (e.g. Koha-Community/Koha@main/t/db_dependent/Koha/XSLT/Security.t#L64-L75)
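A pre-processing check for the write primitive described in this issue, added here as an example (it is not code from the issue, from Koha or from the LOTP project): it lists every `exsl:document` target in a stylesheet by namespace URI, so a stylesheet that binds a prefix other than `exsl` is still caught. The function names, the DOCTYPE policy and the three sample stylesheets are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# EXSLT "common" namespace; exsl:document is the element "document" in it.
EXSLT_COMMON_NS = "http://exslt.org/common"
DOCUMENT_TAG = "{%s}document" % EXSLT_COMMON_NS


def exsl_document_targets(stylesheet_text):
    """Return the href of each exsl:document element, whatever prefix is bound."""
    # Assumption of this example: reviewed stylesheets carry no DOCTYPE, so
    # entity declarations cannot be used to hide markup from the scan.
    if "<!DOCTYPE" in stylesheet_text:
        raise ValueError("DOCTYPE present; review this stylesheet by hand")
    root = ET.fromstring(stylesheet_text)
    # ElementTree expands prefixes to {namespace}local, so the match is on the
    # namespace URI and not on the literal string "exsl:document".
    return [el.get("href", "") for el in root.iter(DOCUMENT_TAG)]


def scan(samples):
    """Map each stylesheet name to the write targets found in it."""
    return {name: exsl_document_targets(text) for name, text in samples.items()}


XSL_NS = 'xmlns:xsl="http://www.w3.org/1999/XSL/Transform"'

# Constructed samples (not taken from the issue or from Koha).
SAMPLES = {
    "usual-prefix.xsl": """<xsl:stylesheet version="1.0" %s
        xmlns:exsl="http://exslt.org/common" extension-element-prefixes="exsl">
      <xsl:template match="/">
        <exsl:document href="out/page.html" method="html"><p>hi</p></exsl:document>
      </xsl:template>
    </xsl:stylesheet>""" % XSL_NS,
    "aliased-prefix.xsl": """<xsl:stylesheet version="1.0" %s
        xmlns:c="http://exslt.org/common" extension-element-prefixes="c">
      <xsl:template match="item">
        <c:document href="{@id}.txt"><xsl:value-of select="."/></c:document>
      </xsl:template>
    </xsl:stylesheet>""" % XSL_NS,
    "benign.xsl": """<xsl:stylesheet version="1.0" %s
        xmlns:exsl="http://exslt.org/common">
      <!-- mentions exsl:document only in a comment -->
      <xsl:template match="/">
        <xsl:value-of select="count(exsl:node-set(/a)/*)"/>
      </xsl:template>
    </xsl:stylesheet>""" % XSL_NS,
}

if __name__ == "__main__":
    for name, targets in scan(SAMPLES).items():
        print(name, "BLOCK" if targets else "ok", targets)
```

At run time, xsltproc's `--nowrite` option refuses writes to any file or resource, which is the complementary control when the stylesheet cannot be vetted beforehand.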