Changes for page Homoiconicity

Last modified by Nicolas Gregoire on 2012/01/05 00:18

From version 3.1
edited by Nicolas Gregoire
on 2012/01/05 00:16
Change comment: There is no comment for this version
To version 4.1
edited by Nicolas Gregoire
on 2012/01/05 00:17
Change comment: There is no comment for this version

Details

Page properties
Content
... ... @@ -11,7 +11,6 @@
11 11  
12 12  
13 13  
14 -
15 15  == Triggering embedded code ==
16 16  
17 17  In some contexts (like browsers), XSLT code execution can be triggered while a XML document is parsed, via a xsl:stylesheet tag. The executed XSLT code can be stored on the Internet or in the XML document itself (homoiconicity + self-reference trick). A [[blog post>>http://scarybeastsecurity.blogspot.com/2011/01/harmless-svg-xslt-curiousity.html||rel="__blank"]] by Chris Evans describes a pseudo SVG file triggering a simple RAM DoS . But we can do better ;-)
... ... @@ -18,13 +18,13 @@
18 18  
19 19  == Simple dynamic SVG images ==
20 20  
21 -We can create XML files which will be interpreted by browsers like perfectly valid self-contained dynamic SVG images. The SVG file is then generated on the fly by the (Turing complete) XSLT engine of the browser. In the following example, the XSLT code will
20 +We can create XML files which will be interpreted by browsers like perfectly valid self-contained dynamic SVG images. The SVG file is then generated on the fly by the (Turing complete) XSLT engine of the browser.
22 22  
22 +In the following example, the XSLT code will :
23 +
23 23  * fingerprint the underlying XSLT engine
24 24  * draw a circle (red if Webkit, green, otherwise)
25 -* display some properties
26 26  
27 -
28 28  == Evil SVG images ==
29 29  
30 30  Exploitcolor depends of the OS, ...) and exploit a specific vulnerability. This was demonstrated with[[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank" title="CVE-2011-1774"]] and a Webkit exploit tested on Windows, Linux, iOS and webOS.
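Review bot: The added line 22 ("In the following example, the XSLT code will :") has a space before the colon, and the list item it introduces still reads "red if Webkit, green, otherwise" with a stray comma after "green"; both are worth fixing while this paragraph is being reflowed. The hunk also drops the "display some properties" bullet with an empty change comment, so confirm the example no longer displays engine properties, and keep the bullet if it still does. The unchanged line under "Evil SVG images" starts with the fused fragment "Exploitcolor depends of the OS, ..." and has no space before the CVE-2011-1774 link, which suggests the beginning of that sentence was lost in an earlier edit and should be restored.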
... ... @@ -41,5 +41,3 @@
41 41  * The source XML file (do not
42 42  
43 43  
44 -
45 -