Changes for page Application_Webkit

Last modified by Nicolas Gregoire on 2012/01/14 17:48

From 8.1 to 9.1 From 12.1 to 13.1

From version

9.1

edited by Nicolas Gregoire
on 2012/01/14 00:30

Change comment: Upload new image ipad-tmp-owned.png

To version

12.1

edited by Nicolas Gregoire
on 2012/01/14 00:33

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)
Attachments (0 modified, 1 added, 0 removed)
- macos-tmp-owned.png

Details

Page properties

Content

@@ -26,8 +26,14 @@
  Webkit uses [[libxslt>>Engine_libxslt]] as its XSLT engine. Old versions were not restricting __write__ access by the engine to the file system, leading to a remotely exploitable vulnerability ([[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank"]]). This was patched in [[Changeset 79159>>http://trac.webkit.org/changeset/79159||rel="__blank"]] by adding appropriate calls to xsltSetSecurityPrefs().
--PoC included on the [[libxslt>>Engine_libxslt]] page demonstrate the vulnerability.
++PoC included on the [[libxslt>>Engine_libxslt]] page demonstrate the vulnerability :
++[[image:macos-tmp-owned.png||style="display: block; margin-left: auto; margin-right: auto"]]
++
++
++
++[[image:ipad-tmp-owned.png||style="display: block; margin-left: auto; margin-right: auto"]]
++
  == Meatsploit ==
  Two modules are included in Metasploit :
@@ -39,5 +39,5 @@
  An exploit for HP webOS 3.x was developed. This exploit drops a backdoor which is later executed with root privileges at boot time. The exploit is composed of two files :
--* [[webos-root-backdoor.xml>>attach:webos-root-backdoor.xml]] contains the configurable data (name and content of the destination file) and a processing instruction trigger the XSLT code
++* [[webos-root-backdoor.xml>>attach:webos-root-backdoor.xml]] contains the configurable data (name and content of the destination file) and a processing instruction triggering the XSLT code
  * [[webos-root-backdoor.xsl>>attach:webos-root-backdoor.xsl]] reads the XML file and create the requested file on disk. This version overwrites a script located in /etc/default/ with a version including a reverse-shell based on netcat

macos-tmp-owned.png

Author

...	...	@@ -1,0 +1,1 @@
	1	+xwiki:XWiki.NicolasGregoire

Size

...	...	@@ -1,0 +1,1 @@
	1	+12.4 KB

Content

Changes for page Application_Webkit

Summary

Details

Welcome

Recently Modified

Changes for page Application_Webkit

Summary

Details

Welcome

Recently Modified

Tag Cloud