lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEW7ACnxgohKx0VWraQ8FmcWArZxzqLAp+WWT5OsYS2GQe0AHQ@mail.gmail.com>
Date: Wed, 16 May 2012 02:13:13 -0700
From: Dan Kaminsky <dan@...para.com>
To: Nicolas Grégoire <nicolas.gregoire@...rri.fr>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Trigerring Java code from a SVG image

Yeah, there's a bunch of wild stuff in SVG.  The browsers ignore most of
it, AFAIK.  I think Firefox is the only browser to even consider
ForeignObjects (which let you throw HTML back into SVG).

Probably the most interesting SVG thing is how they either do or don't have
script access, depending on whether or not they're loaded as <img>'s.  It
would be problematic indeed if <img src="foo.jpg"> could suddenly render
script!


On Tue, May 15, 2012 at 5:07 AM, Nicolas Grégoire <
nicolas.gregoire@...rri.fr> wrote:

> Hello,
>
> SVG is a XML-based file format for static or animated images. Some SVG
> specifications (like  SVG 1.1 and SVG Tiny 1.2) allow to trigger some
> Java code when the SVG file is opened.
>
> Given that I had to look at these features for a customer, I developed
> some PoC codes which are now available online:
> http://www.agarri.fr/docs/batik-evil.svg
> http://www.agarri.fr/docs/batik-evil.jar
>
> I published a more detailed article on my blog:
> http://www.agarri.fr/blog/
>
> Regards,
> Nicolas Grégoire / @Agarri_FR
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ