Message-ID: <CABAEwV_x8ikrS1Ajcmmj=md4NOL=3ueVD62+3T0GCnvxVy9orQ@mail.gmail.com>
Date: Wed, 16 May 2012 15:16:52 +0200
From: Krzysztof Kotowicz <kkotowicz+fd@...il.com>
To: Dan Kaminsky <dan@...para.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Trigerring Java code from a SVG image
Kind of. You can still do some stuff from <img> in Opera.
http://kotowicz.net/opera/
On Wed, May 16, 2012 at 12:25 PM, Dan Kaminsky <dan@...para.com> wrote:
> Anything from <img> in any browser?
>
>
> On Wed, May 16, 2012 at 2:25 AM, Michele Orru <antisnatchor@...il.com> wrote:
>>
>> Mario Heiderich did a lot of research on that; he found so many bugs
>> that allowed embedding JavaScript in SVG images.
>>
>> Nice stuff Nick btw,
>>
>> Cheers
>> antisnatchor
>>
>> On Wed, May 16, 2012 at 10:13 AM, Dan Kaminsky <dan@...para.com> wrote:
>> > Yeah, there's a bunch of wild stuff in SVG. The browsers ignore most of it,
>> > AFAIK. I think Firefox is the only browser to even consider ForeignObjects
>> > (which let you throw HTML back into SVG).
>> >
>> > Probably the most interesting SVG thing is how they either do or don't have
>> > script access, depending on whether or not they're loaded as <img>'s. It
>> > would be problematic indeed if <img src="foo.jpg"> could suddenly render
>> > script!
>> >
>> >
>> > On Tue, May 15, 2012 at 5:07 AM, Nicolas Grégoire
>> > <nicolas.gregoire@...rri.fr> wrote:
>> >>
>> >> Hello,
>> >>
>> >> SVG is an XML-based file format for static or animated images. Some SVG
>> >> specifications (like SVG 1.1 and SVG Tiny 1.2) allow triggering some
>> >> Java code when the SVG file is opened.
>> >>
>> >> Given that I had to look at these features for a customer, I developed
>> >> some PoC codes which are now available online:
>> >> http://www.agarri.fr/docs/batik-evil.svg
>> >> http://www.agarri.fr/docs/batik-evil.jar
>> >>
>> >> I published a more detailed article on my blog:
>> >> http://www.agarri.fr/blog/
>> >>
>> >> Regards,
>> >> Nicolas Grégoire / @Agarri_FR
>> >>
>> >> _______________________________________________
>> >> Full-Disclosure - We believe in it.
>> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >> Hosted and sponsored by Secunia - http://secunia.com/
>> >
>> >
>> >
>>
>>
>>
>> --
>> /antisnatchor
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
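
A defender-side check for the behaviour discussed in this thread, added here as an example and not code from any of the posters: a Python audit of an SVG file before it is accepted as an image, flagging SVG 1.1 `<script>` (including the `application/java-archive` type), SVG Tiny 1.2 `<handler>`/`<listener>`, `<foreignObject>` and event attributes. The function name `audit_svg`, the strict no-DTD policy and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that carry or pull in executable content: SVG 1.1 <script>,
# SVG Tiny 1.2 <handler>/<listener>, and <foreignObject> (embedded HTML).
ACTIVE_ELEMENTS = {"script", "handler", "listener", "foreignObject"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1]

def audit_svg(data: bytes):
    """Return a list of findings; an empty list means nothing active was seen."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return ["not UTF-8, refused"]
    # Strict policy (assumption): no DTDs, so no entity tricks reach the parser.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        return ["DOCTYPE/ENTITY declaration, refused"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> type={el.get('type', '')!r}")
        for attr, value in el.attrib.items():
            name, val = local(attr), value.strip().lower()
            if name.lower().startswith("on"):
                findings.append(f"event attribute {name} on <{tag}>")
            elif name == "href" and (val.startswith("javascript:") or val.endswith(".jar")):
                findings.append(f"active href on <{tag}>")
    return findings

# Constructed samples (not the PoC files linked in the thread).
PLAIN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
JAVA = (b'<svg xmlns="http://www.w3.org/2000/svg" '
        b'xmlns:xlink="http://www.w3.org/1999/xlink">'
        b'<script type="application/java-archive" xlink:href="example.jar"/></svg>')
ONLOAD = b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()"><g/></svg>'

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("java", JAVA), ("onload", ONLOAD)):
        print(label, audit_svg(sample))
```

The no-DTD policy also rejects legitimate SVG 1.1 files that ship the standard DOCTYPE; relax it only with a parser configured to ignore DTDs and entities.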