Changes for page Application_Webkit

Last modified by Nicolas Gregoire on 2012/01/14 17:48

From version

edited by Nicolas Gregoire
on 2012/01/14 00:08

Change comment: There is no comment for this version

To version

edited by Nicolas Gregoire
on 2012/01/14 00:32

Change comment: There is no comment for this version

Summary

Page properties (1 modified, 0 added, 0 removed)
Attachments (0 modified, 2 added, 0 removed)
- ipad-tmp-owned.png
- macos-tmp-owned.png

Page properties

Content

@@ -26,8 +26,14 @@
  Webkit uses [[libxslt>>Engine_libxslt]] as its XSLT engine. Old versions were not restricting __write__ access by the engine to the file system, leading to a remotely exploitable vulnerability ([[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank"]]). This was patched in [[Changeset 79159>>http://trac.webkit.org/changeset/79159||rel="__blank"]] by adding appropriate calls to xsltSetSecurityPrefs().
--PoC included on the [[libxslt>>Engine_libxslt]] page demonstrate the vulnerability.
++PoC included on the [[libxslt>>Engine_libxslt]] page demonstrate the vulnerability :
++[[image:macos-tmp-owned.png||style="display: block; margin-left: auto; margin-right: auto"]]
++
++
++
++[[image:ipad-tmp-owned.png||style="display: block; margin-left: auto; margin-right: auto"]]
++
  == Meatsploit ==
  Two modules are included in Metasploit :

ipad-tmp-owned.png

Author

...	...	@@ -1,0 +1,1 @@
	1	+xwiki:XWiki.NicolasGregoire

Size

...	...	@@ -1,0 +1,1 @@
	1	+11.9 KB

Content

macos-tmp-owned.png

Author

...	...	@@ -1,0 +1,1 @@
	1	+xwiki:XWiki.NicolasGregoire

Size

...	...	@@ -1,0 +1,1 @@
	1	+12.4 KB

Content