Changes for page Application_Webkit

Last modified by Nicolas Gregoire on 2012/01/14 17:48
From version Icon 17.1 Icon
edited by Nicolas Gregoire
on 2012/01/14 18:48
Change comment: There is no comment for this version
To version Icon 16.1 Icon
edited by Nicolas Gregoire
on 2012/01/14 00:44
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -1,10 +5,6 @@
1 -{{toc/}}
2 -
3 -= Introduction =
4 -
5 5  Dixit [[Wikipedia>>http://en.wikipedia.org/wiki/Webkit||rel="__blank"]] : "//WebKit is a layout engine designed to allow web browsers to render web pages. WebKit powers Google Chrome and Apple Safari that by December 2011 held 33.35% of the browser market share between them (according to StatCounter). It is also used as the basis for the experimental browser included with the Amazon Kindle ebook reader, as well as the default browser in the iOS, Android and webOS mobile operating systems."//
6 6  
7 -= Applications =
3 +== Applications ==
8 8  
9 9  Webkit is used as the rendering engine of numerous browsers :
10 10  
... ... @@ -25,7 +25,7 @@
25 25  * Valve Steam : untested
26 26  * and much more ...
27 27  
28 -= File creation vulnerability =
24 +== File creation vulnerability ==
29 29  
30 30  Webkit uses [[libxslt>>Engine_libxslt]] as its XSLT engine. Old versions were not restricting __write__ access by the engine to the file system, leading to a remotely exploitable vulnerability ([[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank"]]). This was patched in [[Changeset 79159>>http://trac.webkit.org/changeset/79159||rel="__blank"]] by adding appropriate calls to xsltSetSecurityPrefs().
31 31  
... ... @@ -38,7 +38,7 @@
38 38  
39 39  [[image:ipad-tmp-owned.png||style="display: block; margin-left: auto; margin-right: auto"]]
40 40  
41 -= Metasploit =
37 +== Metasploit ==
42 42  
43 43  Two modules are included in Metasploit :
44 44  
... ... @@ -45,7 +45,7 @@
45 45  * a [[auxiliary>>http://www.metasploit.com/modules/auxiliary/server/webkit_xslt_dropper||rel="__blank"]] working on any non-sandboxed non-patched Webkit device
46 46  * an [[exploit>>http://www.metasploit.com/modules/exploit/windows/browser/safari_xslt_output||rel="__blank"]] plugin targeting Safari users with Admin privileges (because of the MOF trick)
47 47  
48 -= HP webOS 3.x =
44 +== HP webOS 3.x ==
49 49  
50 50  An exploit for HP webOS 3.x was developed. This exploit drops a backdoor which is later executed with root privileges at boot time. The exploit is composed of two files :
51 51