Changes for page Application_Webkit

Last modified by Nicolas Gregoire on 2012/01/14 17:48

From version Icon 16.1 Icon
edited by Nicolas Gregoire
on 2012/01/14 00:44
Change comment: There is no comment for this version
To version Icon 15.3 Icon
edited by Nicolas Gregoire
on 2012/01/14 00:42
Change comment: Added tag [exploit]

Summary

Details

Icon Page properties
Content
... ... @@ -48,4 +48,4 @@
48 48  * [[webos-root-backdoor.xml>>attach:webos-root-backdoor.xml]] contains the configurable data (name and content of the destination file) and a processing instruction triggering the XSLT code
49 49  * [[webos-root-backdoor.xsl>>attach:webos-root-backdoor.xsl]] reads the XML file and create the requested file on disk. This version overwrites a script located in /etc/default/ with a version including a reverse-shell based on netcat
50 50  
51 -Browsing the XML file from a vulnerable device is enough to trigger the exploit. This was patched during the 3.0.2 OTA update.
51 +Browsing the XML file from a vulnerable device is enough to trigger the exploit.