Changes for page Application_Webkit

Last modified by Nicolas Gregoire on 2012/01/14 17:48

From version 2.2
edited by Nicolas Gregoire
on 2012/01/13 21:57
Change comment: There is no comment for this version
To version 1.1
edited by Nicolas Gregoire
on 2012/01/13 21:54
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -2,6 +2,8 @@
2 2  
3 3  == Applications ==
4 4  
5 +
6 +
5 5  Webkit is used as the rendering engine of numerous browsers :
6 6  
7 7  * Google Chrome : not vulnerable, because of its sandbox
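
Review bot: lines 5 and 6 on the "+" side are two empty lines inserted between the blank line after the "== Applications ==" heading and the sentence "Webkit is used as the rendering engine of numerous browsers", so the only effect is three consecutive blank lines before the first paragraph. Keep the single blank line of the other version. Both versions also carry no change comment, so a whitespace-only difference like this one cannot be told apart from an accidental edit; a one-line comment would fix that.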
... ... @@ -25,5 +25,3 @@
25 25  
26 26  Webkit uses [[libxslt>>Engine_libxslt]] as its XSLT engine. Old versions were not restricting __write__ access by the engine to the file system, leading to a remotely exploitable vulnerability ([[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank"]]). This was patched in [[Changeset 79159>>http://trac.webkit.org/changeset/79159||rel="__blank"]] by adding appropriate calls to xsltSetSecurityPrefs().
27 27  
28 -
29 -PoC included on the [[libxslt>>Engine_libxslt]] page are enough to demonstrate the vulnerability. A auxiliary plugin is available in Metasploit
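
Review bot: the sentence on line 29 needs a wording fix and a proper reference before it is kept in either version. It appears on the "-" side only because the comparison runs from version 2.2 back to version 1.1. "PoC included ... are" should read "The PoCs included ... are", "A auxiliary plugin" should be "An auxiliary plugin", and the sentence has no closing full stop. The Metasploit plugin is mentioned without a name or link, unlike CVE-2011-1774 and Changeset 79159 on line 26, which both carry one. If the sentence is dropped instead, note that it is the only pointer from this section to material for verifying the xsltSetSecurityPrefs() fix, and the blank line 28 before it should go with it.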