Full Disclosure mailing list archives
Re: On the iPhone PDF and kernel exploit
From: Benji <me () b3nji com>
Date: Thu, 5 Aug 2010 12:01:59 +0100
.. surely if this was the index of webroot we'd see faq.html etc? are we sure that this isnt infact a purpose made folder? On Thu, Aug 5, 2010 at 11:59 AM, Mario Vilas <mvilas () gmail com> wrote:
http://jailbreakme.com/_/ gives me a 404 Not Found error. There were a few vulnerabilities in lighthttpd related to the %00 character but after googling a while I couldn't find this particular one. I guess it's worth reporting if this still works in the current version (1.5.0). On Thu, Aug 5, 2010 at 12:04 PM, Sabahattin Gucukoglu <mail () sabahattin-gucukoglu com> wrote:On 5 Aug 2010, at 10:13, Ryan Sears wrote: Well I'm no expert but I'm going to see if I can reverse engineer the PDFs used for jailbreaking (obviously I'd need an ARM assembly book or someone who knows it :-P) and figure out exactly what they're doing. I agree with was said earlier, I'm not saying they're doing something malicious, but if I wanted to backdoor thousands of phones this is how I'D do it. It didn't work for me. I use VoiceOver, which didn't like the (fake) slider implemented in javascript, so I had to spoof the UA on a Mac, grab the source, inspect it, grab the PDF, email it to myself ... it didn't work. :-( iPhone 3GS = 2,1, yes?Either way anyone interested in doing the same I've discovered that the webserver (lighthttpd 1.4.19) drops the index if you GET a null byte. http://www.jailbreakme.com/%00Nice, did you just try it in case it might work, or does this constitute a vuln that wants fixing in current lighttpd? It's just that indexing happens to be enabled on http://jailbreakme.com/_/ too.Also if anyone knows how to get in contact with any of the admins for the site (or anyone who runs it for that matter) please either let me know or let them know.Ditto, thanks. Cheers, Sabahattin _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- HONEY: I want to… put some powder on my nose. GEORGE: Martha, won’t you show her where we keep the euphemism? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- On the iPhone PDF and kernel exploit Marcello Barnaba (void) (Aug 04)
- Re: On the iPhone PDF and kernel exploit Zach C (Aug 04)
- Re: On the iPhone PDF and kernel exploit Pablo Ximenes (Aug 04)
- Re: On the iPhone PDF and kernel exploit Marcello Barnaba (void) (Aug 04)
- Re: On the iPhone PDF and kernel exploit Ryan Sears (Aug 05)
- Re: On the iPhone PDF and kernel exploit Sabahattin Gucukoglu (Aug 05)
- Re: On the iPhone PDF and kernel exploit Mario Vilas (Aug 05)
- Re: On the iPhone PDF and kernel exploit Benji (Aug 05)
- Re: On the iPhone PDF and kernel exploit Sagar Belure (Aug 05)
- Re: On the iPhone PDF and kernel exploit Jose Miguel Esparza (Aug 06)
- Re: On the iPhone PDF and kernel exploit Robert Święcki (Aug 06)
- Re: On the iPhone PDF and kernel exploit Jose Miguel Esparza (Aug 06)
- Re: On the iPhone PDF and kernel exploit Jose Miguel Esparza (Aug 24)