Changes for page Homoiconicity

Last modified by Nicolas Gregoire on 2012/01/05 00:18

From version 9.1
edited by Nicolas Gregoire
on 2012/01/05 00:26
Change comment: There is no comment for this version
To version 10.1
edited by Nicolas Gregoire
on 2012/01/05 00:33
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -2,10 +2,12 @@
2 2  
3 3  Homoiconicity is the property of a programming language that the code and the data are stored in the same format. For example, the following languages are homoiconics :
4 4  
5 -* ASM : using bytes stored in memory
6 6  * Lisp : using lists and theirs sub-types
6 +* ASM : using bytes stored in memory
7 7  * XSLT : using the XML format
8 8  
9 +In some memory corruption exploits, shellcode is transmitted as data and later executed when the execution flow is altered. This is possible because of homoiconicity. Executing code transmitted as data is sometimes possible with XSLT too.
10 +
9 9  == Triggering embedded code ==
10 10  
11 11  In some contexts (like browsers), XSLT code execution can be triggered while a XML document is parsed, via a xsl:stylesheet tag. The executed XSLT code can be stored on the Internet or in the XML document itself (homoiconicity + self-reference trick). A [[blog post>>http://scarybeastsecurity.blogspot.com/2011/01/harmless-svg-xslt-curiousity.html||rel="__blank"]] by Chris Evans describes a pseudo SVG file triggering a simple RAM DoS . But we can do better ;-)
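Review bot: The added paragraph at new line 9 ends with "Executing code transmitted as data is sometimes possible with XSLT too" without saying when. The "Triggering embedded code" section directly below gives the condition (in contexts like browsers, a stylesheet reference processed while the XML document is parsed), so either point to that section or fold the condition into the sentence. "This is possible because of homoiconicity" also reads as if the shared format were sufficient on its own, while the sentence before it already names a second requirement, the altered execution flow; wording such as "made possible in part by homoiconicity" would match. The ASM bullet is moved below Lisp and the change comment is empty, so a one-line comment explaining the reorder would help, and "homoiconics" and "theirs sub-types" in the context lines could be corrected in the same edit.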