# XSLT Server Side Injection \(Extensible Stylesheet Language Transformations\)
XSLT is used to transform XML documents into other formats. Versions: 1, 2 and 3 \(1 is the most used\).
The transformation can be performed on the server or in the browser.
The most used frameworks are: **Libxslt** \(Gnome\), **Xalan** \(Apache\) and **Saxon** \(Saxonica\).
## Fingerprint
Upload the following stylesheet and collect the information it returns:
```text
Version:
Vendor:
Vendor URL:
Product Name:
Product Version:
Is Schema Aware ?:
Supports Serialization:
Supports Backwards Compatibility:
```
## Javascript Injection
```text
```
## Directory listing \(PHP\)
### **Opendir + readdir**
```text
-
-
-
-
-
-
-
-
-
```
### **Assert \(var\_dump + scandir + false\)**
```text
```
## Read files
### **Internal**
```text
]>
&ext_file;
```
### **Through HTTP**
```text
```
```text
]>
&passwd;
```
### **Internal \(PHP\)**
```text
```
```text
```
### Port scan
```text
```
## Write to a file
### XSLT 2.0
```text
Write Local File
```
### **Xalan-J extension**
```text
Write Local File
```
Other ways to write files are described in the PDF \(see references\).
## Include external XSL
```text
```
```text
```
## Execute code
### **php:function**
```text
```
```text
```
Code execution through other frameworks is described in the PDF \(see references\).
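As an added defender-side example (not code from the original page), the screener below statically inspects an untrusted stylesheet for the constructs catalogued in the Fingerprint, Read files, Include external XSL, Write to a file and Execute code sections before it ever reaches the XSLT processor. The extension-namespace list, the sample stylesheets and the file names in them are constructed for illustration and are not exhaustive.

```python
import io
import re
import xml.etree.ElementTree as ET
XSL_NS = "http://www.w3.org/1999/XSL/Transform"
# Extension namespaces that give a stylesheet code or file access (assumed, illustrative list).
DANGEROUS_NS = {
    "http://php.net/xsl": "PHP extension functions (php:function)",
    "http://xml.apache.org/xalan/redirect": "Xalan-J redirect:write (writes local files)",
    "http://xml.apache.org/xalan/java": "Xalan-J Java extension calls",
}
# XPath functions that read other documents, fetch URLs or fingerprint the processor.
DANGEROUS_FUNCS = re.compile(r"\b(document|unparsed-text|system-property)\s*\(")
# External entity declarations in the stylesheet's own DOCTYPE (XXE-style file read / SSRF).
EXTERNAL_ENTITY = re.compile(r"<!ENTITY\s+\S+\s+(?:SYSTEM|PUBLIC)\b", re.I)


def screen_stylesheet(xslt_text: str) -> list:
    """Return human-readable findings for an untrusted stylesheet; [] means nothing suspicious."""
    findings = []
    if EXTERNAL_ENTITY.search(xslt_text):
        findings.append("DOCTYPE declares an external entity")
    # Drop the DOCTYPE so the walk below never resolves entities; the parse only inspects structure.
    body = re.sub(r"<!DOCTYPE[^\[>]*(\[.*?\])?\s*>", "", xslt_text, flags=re.S)
    try:
        for event, payload in ET.iterparse(io.BytesIO(body.encode()), events=("start-ns", "start")):
            if event == "start-ns":
                prefix, uri = payload
                if uri in DANGEROUS_NS:
                    findings.append(f"xmlns:{prefix}={uri}: {DANGEROUS_NS[uri]}")
                continue
            ns, _, local = payload.tag[1:].partition("}") if payload.tag.startswith("{") else ("", "", payload.tag)
            if ns == XSL_NS and local in ("include", "import"):
                findings.append(f"xsl:{local} href={payload.get('href')!r}: pulls in an external stylesheet")
            if ns == XSL_NS and local == "result-document":
                findings.append(f"xsl:result-document href={payload.get('href')!r}: writes a file (XSLT 2.0)")
            for attr, value in payload.attrib.items():
                hit = DANGEROUS_FUNCS.search(value)
                if hit:
                    findings.append(f"<{local} {attr}=...> calls {hit.group(1)}()")
    except ET.ParseError as err:
        findings.append(f"could not parse stylesheet (malformed XML or undefined entity): {err}")
    return findings

# Constructed samples: a harmless stylesheet and one using the constructs this page catalogues.
BENIGN = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/"><p><xsl:value-of select="/order/id"/></p></xsl:template></xsl:stylesheet>"""
SUSPICIOUS = """<!DOCTYPE xsl:stylesheet [<!ENTITY sample SYSTEM "file:///tmp/constructed.txt">]>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">
<xsl:import href="http://stylesheets.example/external.xsl"/>
<xsl:template match="/"><xsl:value-of select="system-property('xsl:vendor')"/>
<xsl:value-of select="document('other.xml')"/></xsl:template></xsl:stylesheet>"""
```

A screen like this is a first filter only; the transformer itself must still run with file, network and extension-function access disabled, since a stylesheet can be rewritten to evade pattern checks.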
### **References**
[XSLT\_SSRF](https://feelsec.info/wp-content/uploads/2018/11/XSLT_SSRF.pdf)
[http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf)
[http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf)