Changes for page Homoiconicity

Last modified by Nicolas Gregoire on 2012/01/05 00:18

From version 5.1
edited by Nicolas Gregoire
on 2012/01/05 00:18
Change comment: Upload new image svg-webkit-small.png
To version 6.1
edited by Nicolas Gregoire
on 2012/01/05 00:20
Change comment: There is no comment for this version

Details

Page properties
Content
... ... @@ -10,7 +10,6 @@
10 10  
11 11  
12 12  
13 -
14 14  == Triggering embedded code ==
15 15  
16 16  In some contexts (like browsers), XSLT code execution can be triggered while a XML document is parsed, via a xsl:stylesheet tag. The executed XSLT code can be stored on the Internet or in the XML document itself (homoiconicity + self-reference trick). A [[blog post>>http://scarybeastsecurity.blogspot.com/2011/01/harmless-svg-xslt-curiousity.html||rel="__blank"]] by Chris Evans describes a pseudo SVG file triggering a simple RAM DoS . But we can do better ;-)
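Review bot: The paragraph at line 16 still reads "a XML document" and "a xsl:stylesheet tag" (both want "an") and has a stray space before the full stop in "RAM DoS ."; this hunk only removes the blank line above the heading, so those could be fixed in the same edit. The closing "But we can do better ;-)" also leaves the reader without a statement of what the section goes on to show, which a single sentence naming the fingerprinting demo would cover.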
... ... @@ -24,6 +24,8 @@
24 24  * fingerprint the underlying XSLT engine
25 25  * draw a circle (red if Webkit, green, otherwise)
26 26  
26 +[[image:svg-webkit-small.png||style="float: right"]]
27 +
27 27  == Evil SVG images ==
28 28  
29 29  Exploitcolor depends of the OS, ...) and exploit a specific vulnerability. This was demonstrated with[[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank" title="CVE-2011-1774"]] and a Webkit exploit tested on Windows, Linux, iOS and webOS.
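Review bot: The image added at line 26 is floated right immediately before the "== Evil SVG images ==" heading with nothing clearing the float, so it will wrap into that section instead of sitting beside the fingerprinting list (lines 24-25) it illustrates; placing it above the list or clearing the float before the heading keeps it with the right text. While editing here, line 29 needs repair: it opens with "Exploitcolor depends of the OS, ...)", a closing parenthesis with no opening one and what looks like two sentences fused together, and "with[[CVE-2011-1774" is missing a space. Line 25 also has a stray comma in "green, otherwise".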
... ... @@ -38,5 +38,3 @@
38 38  The process is the following :
39 39  
40 40  * The source XML file (do not
41 -
42 -
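Review bot: The last bullet at line 40, "* The source XML file (do not", stops mid-sentence with an unclosed parenthesis, and this hunk only trims the two blank lines after it. The process list introduced at line 38 is therefore still incomplete in version 6.1; the bullet should be finished, and the remaining steps added, before the trailing whitespace is cleaned up.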
svg-opera-small.png
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.NicolasGregoire
Size
... ... @@ -1,0 +1,1 @@
1 +13.7 KB
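Review bot: The attachment recorded here is svg-opera-small.png, but the only image reference added to the page content in this version is svg-webkit-small.png (line 26), and version 6.1 carries no change comment. Either reference the new file from the page or state in the change comment what it is for, so the attachment is not left unreferenced.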
Content