xslt-injection

What problem does it solve?

XSLT injection testing helps security teams identify and characterize server-side transformation vulnerabilities across different processor families, enabling proactive risk mitigation.

Core Features & Use Cases

• Fingerprint processor family (Java/Xalan, Saxon, libxslt) and determine applicable exploitation paths.
• Validate external entities and document() SSRF vectors, including out-of-band scenarios where allowed.
• Identify EXSLT write capabilities and potential extension surfaces for PHP/Java/.NET stacks.
• Provide safe, authorization-governed testing guidance with lab-friendly payloads and remediation strategies.

Quick Start

Identify XSLT processors in scope and run targeted payloads to map capabilities.