Changes for page Homoiconicity

Last modified by Nicolas Gregoire on 2012/01/05 00:18

From version 7.1
edited by Nicolas Gregoire
on 2012/01/05 00:23
Change comment: There is no comment for this version
To version 8.1
edited by Nicolas Gregoire
on 2012/01/05 00:25
Change comment: There is no comment for this version

Details

Page properties
Content
... ... @@ -8,7 +8,6 @@
8 8  
9 9  
10 10  
11 -
12 12  == Triggering embedded code ==
13 13  
14 14  In some contexts (like browsers), XSLT code execution can be triggered while a XML document is parsed, via a xsl:stylesheet tag. The executed XSLT code can be stored on the Internet or in the XML document itself (homoiconicity + self-reference trick). A [[blog post>>http://scarybeastsecurity.blogspot.com/2011/01/harmless-svg-xslt-curiousity.html||rel="__blank"]] by Chris Evans describes a pseudo SVG file triggering a simple RAM DoS . But we can do better ;-)
... ... @@ -21,17 +21,19 @@
21 21  
22 22  * fingerprint the underlying XSLT engine
23 23  * draw a circle (red if Webkit, green otherwise)
24 -* try to exploit CVE-2011-
23 +* try to exploit [[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank" title="CVE-2011-1774"]] if Webkit is detected
25 25  
26 -In Opera :
25 +Screenshot of Opera :
27 27  [[image:svg-opera-small.png||style="display: block; margin-left: auto; margin-right: auto"]]
28 28  
29 -In Epiphany :
28 +
29 +
30 +Screenshot of Epiphany :
30 30  [[image:svg-webkit-small.png||style="display: block; margin-left: auto; margin-right: auto"]]
31 31  
32 32  == Evil SVG images ==
33 33  
34 -Exploitcolor depends of the OS, ...) and exploit a specific vulnerability. This was demonstrated with[[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank" title="CVE-2011-1774"]] and a Webkit exploit tested on Windows, Linux, iOS and webOS.
35 +Exploitcolor depends of the OS, ...) and exploit a specific vulnerability. This was demonstrated with [[CVE-2011-1774>>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774||rel="__blank" title="CVE-2011-1774"]] and a Webkit exploit tested on Windows, Linux, iOS and webOS.
35 35  
36 36  From a security point of view, it is important to audit
37 37
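
Review bot: The rewritten line 35 under "Evil SVG images" still opens with "Exploitcolor depends of the OS, ...)", which has a closing parenthesis with no opening one and reads as if the start of the sentence was lost. This edit already touches that line to add the space before the CVE-2011-1774 link, so restore the missing text there and change "depends of" to "depends on". The screenshot captions are also spaced inconsistently after this change: two blank lines were added before "Screenshot of Epiphany :" but none before "Screenshot of Opera :", so either drop the extra blank lines or apply the same spacing to both.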