Re: [Full-disclosure] On the iPhone PDF and kernel exploit
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] On the iPhone PDF and kernel exploit
- From: Sabahattin Gucukoglu <mail@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 5 Aug 2010 11:04:50 +0100
On 5 Aug 2010, at 10:13, Ryan Sears wrote:
> Well I'm no expert but I'm going to see if I can reverse engineer the PDFs used
> for jailbreaking (obviously I'd need an ARM assembly book or someone who knows
> it :-P) and figure out exactly what they're doing. I agree with what was said
> earlier, I'm not saying they're doing something malicious, but if I wanted to
> backdoor thousands of phones this is how I'D do it.
It didn't work for me. I use VoiceOver, which didn't like the (fake) slider
implemented in JavaScript, so I had to spoof the UA on a Mac, grab the source,
inspect it, grab the PDF, email it to myself ... it didn't work. :-( iPhone
3GS = 2,1, yes?
> Either way anyone interested in doing the same I've discovered that the
> webserver (lighttpd 1.4.19) drops the index if you GET a null byte.
>
> http://www.jailbreakme.com/%00
Nice, did you just try it in case it might work, or does this constitute a vuln
that wants fixing in current lighttpd? It's just that indexing happens to be
enabled on http://jailbreakme.com/_/ too.
>
> Also if anyone knows how to get in contact with any of the admins for the
> site (or anyone who runs it for that matter) please either let me know or let
> them know.
Ditto, thanks.
Cheers,
Sabahattin
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
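The null-byte behaviour Ryan reports above (a GET for /%00 yielding a directory listing instead of the index) is the kind of thing that happens when a percent-decoder is length-aware but later code treats the decoded path as a C string. The program below is an added illustration of that general class; it is not lighttpd's code and makes no claim about why lighttpd 1.4.19 actually behaves this way. The docroot /var/www, the index file name and the helper names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Length-aware percent-decoder: writes decoded bytes to dst (a decoded %00 is
 * stored like any other byte) and NUL-terminates after them. Returns the
 * decoded byte count, or -1 on a malformed escape or insufficient space. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

long url_decode(const char *src, unsigned char *dst, size_t cap)
{
    size_t n = 0;
    for (const char *p = src; *p != '\0'; p++) {
        int b = (unsigned char)*p;
        if (b == '%') {
            int hi = hexval((unsigned char)p[1]);
            int lo = hi >= 0 ? hexval((unsigned char)p[2]) : -1;
            if (lo < 0) return -1;          /* "%0" or "%zz": reject */
            b = hi * 16 + lo;
            p += 2;
        }
        if (n + 1 >= cap) return -1;        /* keep room for the terminator */
        dst[n++] = (unsigned char)b;
    }
    dst[n] = '\0';
    return (long)n;
}

/* Assemble docroot + decoded path + index file name with memcpy, i.e. the way
 * a length-aware buffer library would. Returns the byte count it wrote.
 * (docroot and index name are assumptions for this illustration.) */
long build_index_path(const unsigned char *path, long plen, char *out, size_t cap)
{
    const char *docroot = "/var/www";
    const char *index = "index.html";
    size_t dl = strlen(docroot), il = strlen(index);
    if (plen < 0 || dl + (size_t)plen + il + 1 > cap) return -1;
    memcpy(out, docroot, dl);
    memcpy(out + dl, path, (size_t)plen);
    memcpy(out + dl + (size_t)plen, index, il);
    out[dl + (size_t)plen + il] = '\0';
    return (long)(dl + (size_t)plen + il);
}

/* The check a hardened request parser applies before the decoded path reaches
 * any C-string or filesystem API: no NUL or other control byte may survive
 * decoding. Returns 1 if the path is clean, 0 if it must be rejected (400). */
int path_is_clean(const unsigned char *path, long plen)
{
    for (long i = 0; i < plen; i++)
        if (path[i] < 0x20 || path[i] == 0x7f) return 0;
    return 1;
}

int main(void)
{
    const char *requests[] = { "/", "/_/", "/%00", "/_/%00" };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        unsigned char path[64];
        char fs[128] = "";
        long n = url_decode(requests[i], path, sizeof path);
        long m = build_index_path(path, n, fs, sizeof fs);
        /* strlen() stops at the embedded NUL: a stat()/open() on fs would see
         * only the directory, never the index file appended after it. */
        printf("%-8s decoded=%ld bytes, index path=%ld bytes, C-string view=%zu (\"%s\")%s\n",
               requests[i], n, m, strlen(fs), fs,
               path_is_clean(path, n) ? "" : "  <- reject before lookup");
    }
    return 0;
}
```

The mismatch is the whole bug class: for "/%00" the decoder and the buffer builder both see 2 and 20 bytes respectively, but any C-string API handed the result sees "/var/www/" and operates on the directory, so the index file is effectively dropped. Rejecting decoded control bytes at the parser (path_is_clean) closes the gap before any filesystem call is made; that is the check to look for when deciding whether a given server's handling of %00 is merely odd or a vulnerability worth reporting.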