|
Full Disclosure
mailing list archives
Re: Trigerring Java code from a SVG image
From: Dan Kaminsky <dan () doxpara com>
Date: Wed, 16 May 2012 02:13:13 -0700
Yeah, there's a bunch of wild stuff in SVG. The browsers ignore most of
it, AFAIK. I think Firefox is the only browser to even consider
ForeignObjects (which let you throw HTML back into SVG).
Probably the most interesting SVG thing is how they either do or don't have
script access, depending on whether or not they're loaded as <img>'s. It
would be problematic indeed if <img src="foo.jpg"> could suddenly render
script!
On Tue, May 15, 2012 at 5:07 AM, Nicolas Grégoire <
nicolas.gregoire () agarri fr> wrote:
Hello,
SVG is a XML-based file format for static or animated images. Some SVG
specifications (like SVG 1.1 and SVG Tiny 1.2) allow to trigger some
Java code when the SVG file is opened.
Given that I had to look at these features for a customer, I developed
some PoC codes which are now available online:
http://www.agarri.fr/docs/batik-evil.svg
http://www.agarri.fr/docs/batik-evil.jar
I published a more detailed article on my blog:
http://www.agarri.fr/blog/
Regards,
Nicolas Grégoire / @Agarri_FR
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
