| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Aug 2010 12:01:59 +0100 From: Benji <me@...ji.com> To: Mario Vilas <mvilas@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: On the iPhone PDF and kernel exploit .. surely if this was the index of webroot we'd see faq.html etc? are we sure that this isnt infact a purpose made folder? On Thu, Aug 5, 2010 at 11:59 AM, Mario Vilas <mvilas@...il.com> wrote: > http://jailbreakme.com/_/ gives me a 404 Not Found error. > > There were a few vulnerabilities in lighthttpd related to the %00 character > but after googling a while I couldn't find this particular one. I guess it's > worth reporting if this still works in the current version (1.5.0). > On Thu, Aug 5, 2010 at 12:04 PM, Sabahattin Gucukoglu > <mail@...ahattin-gucukoglu.com> wrote: >> >> On 5 Aug 2010, at 10:13, Ryan Sears wrote: >> Well I'm no expert but I'm going to see if I can reverse engineer the PDFs >> used for jailbreaking (obviously I'd need an ARM assembly book or someone >> who knows it :-P) and figure out exactly what they're doing. I agree with >> was said earlier, I'm not saying they're doing something malicious, but if I >> wanted to backdoor thousands of phones this is how I'D do it. >> >> It didn't work for me. I use VoiceOver, which didn't like the (fake) >> slider implemented in javascript, so I had to spoof the UA on a Mac, grab >> the source, inspect it, grab the PDF, email it to myself ... it didn't work. >> :-( iPhone 3GS = 2,1, yes? >> >> > Either way anyone interested in doing the same I've discovered that the >> > webserver (lighthttpd 1.4.19) drops the index if you GET a null byte. >> > >> > http://www.jailbreakme.com/%00 >> >> Nice, did you just try it in case it might work, or does this constitute a >> vuln that wants fixing in current lighttpd? It's just that indexing happens >> to be enabled on http://jailbreakme.com/_/ too. >> > >> > Also if anyone knows how to get in contact with any of the admins for >> > the site (or anyone who runs it for that matter) please either let me know >> > or let them know. >> >> Ditto, thanks. >> >> Cheers, >> Sabahattin >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > > -- > HONEY: I want to… put some powder on my nose. > GEORGE: Martha, won’t you show her where we keep the euphemism? > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists