Changes for page Application_Webkit

Last modified by Nicolas Gregoire on 2012/01/14 17:48

From version

edited by Nicolas Gregoire
on 2012/01/14 00:38

Change comment: Upload new attachment webos-root-backdoor.xml

To version

edited by Nicolas Gregoire
on 2012/01/14 00:42

Change comment: Added tag [webkit, libxslt, metasploit, webOS, Apple, Safari, iPhone, iPad]

Summary

Page properties

Tags

...	...	@@ -1,0 +1,1 @@
	1	+webkit\|libxslt\|metasploit\|webOS\|Apple\|Safari\|iPhone\|iPad

Content

@@ -47,3 +47,5 @@
  * [[webos-root-backdoor.xml>>attach:webos-root-backdoor.xml]] contains the configurable data (name and content of the destination file) and a processing instruction triggering the XSLT code
  * [[webos-root-backdoor.xsl>>attach:webos-root-backdoor.xsl]] reads the XML file and create the requested file on disk. This version overwrites a script located in /etc/default/ with a version including a reverse-shell based on netcat
++
++Browsing the XML file from a vulnerable device is enough to trigger the exploit.