Editing Webbrowser
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 15: | Line 15: | ||
== Known Useragents == | == Known Useragents == | ||
PlayStation Vita YouTube/1.0 libhttp/1.67 (PS Vita) | PlayStation Vita YouTube/1.0 libhttp/1.67 (PS Vita) | ||
PlayStation Vita YouTube/2.1 libhttp/2.60 (PS Vita) | PlayStation Vita YouTube/2.1 libhttp/2.60 (PS Vita) | ||
Useragent (Vita TV has trailing "Silk/3.2 VTE/2.50" or "Silk/3.2 VTE/3.30" as subidentifier): | Useragent (Vita TV has trailing "Silk/3.2 VTE/2.50" or "Silk/3.2 VTE/3.30" as subidentifier): | ||
Line 116: | Line 111: | ||
|- | |- | ||
| Mozilla/5.0 (PlayStation Vita 3.61) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.610.000_CEX|03.610.000]] || {{no}} | | Mozilla/5.0 (PlayStation Vita 3.61) AppleWebKit.537.73 (KHTML, like Gecko) Silk/3.2 || [[03.610.000_CEX|03.610.000]] || {{no}} | ||
|- | |- | ||
|} | |} | ||
== Webkit | == Webkit exploit == | ||
=== Terminology === | === Terminology === | ||
<div style="color: #000000; background-color: #e5e4e2; border: 1px solid #808000; padding: 5px; {{box-shadow|4px|4px|8px|#b0b090}}"> | <div style="color: #000000; background-color: #e5e4e2; border: 1px solid #808000; padding: 5px; {{box-shadow|4px|4px|8px|#b0b090}}"> | ||
An information security '''vulnerability''' is a mistake in software that can be directly used by a hacker to gain access to a system or network. | An information security '''vulnerability''' is a mistake in software that can be directly used by a hacker to gain access to a system or network. | ||
Line 141: | Line 124: | ||
=== '''C'''ommon '''V'''ulnerabilities and '''E'''xposures list === | === '''C'''ommon '''V'''ulnerabilities and '''E'''xposures list === | ||
*http://www.lolhax.org/2014/10/28/psvita-webkit-for-2-00/ | |||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 | |||
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577 | |||
*http://acez.re/ps-vita-level-1-webkitties-3/ | |||
* | |||
http://packetstormsecurity.com/files/123089/Packet-Storm-Advisory-2013-0903-1-Apple-Safari-Heap-Buffer-Overflow.html (related to | |||
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748 / https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3748) | |||
*https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1303 http://wololo.net/2015/04/22/new-webkit-exploit-found-vita-maybe-playstation-4/ (up to FW [[03.360.000_CEX|3.36]]) | |||
* https:// | |||
=== Repositories === | === Repositories === | ||
<=1.81 webkit exploit PoC: | <=1.81 webkit exploit PoC: | ||
* [https://github.com/joshaxey/badnanna181/tree/master discarded repro reduction for <=1.81] by '''joshaxey''' | |||
* [https://github.com/joshaxey/badnanna181/tree/master discarded repro reduction for <=1.81] by ''' | |||
1.50-1.69-1.80 HTMLit: | 1.50-1.69-1.80 HTMLit: | ||
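Review bot: under the "Common Vulnerabilities and Exposures list" heading, every entry appears only in the latest-revision column, so publishing this undo leaves the heading with nothing beneath it. The same happens to the "<=1.81 webkit exploit PoC:" label, whose badnanna181 entry is also present only on the left. Either keep the CVE references (CVE-2010-1807, CVE-2010-4577, CVE-2012-3748, CVE-2014-1303), since they identify the WebKit bugs this section is about, or remove the empty heading and label in the same edit. If the entries are kept, drop the duplicate badnanna181 line that is cut off at "by '''" and the bare "*" and "* https://" list items.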
Line 177: | Line 146: | ||
ROPtool: | ROPtool: | ||
* [https://github.com/xyzz/roptool-legacy old version] by '''Davee''' | * [https://github.com/xyzz/roptool-legacy old version] by '''Davee''' | ||
* [https://bitbucket.org/DaveeFTW/roptool new version] by '''Davee''' | * [https://bitbucket.org/DaveeFTW/roptool new version] by '''Davee''' | ||
1.61 files for HTMLit and ROPtool: | 1.61 files for HTMLit and ROPtool: | ||
* [https://github.com/xyzz/wk161 | * [https://github.com/xyzz/wk161 wk161]by '''xyz''' | ||
1.80 files for ROPtool: | 1.80 files for ROPtool: | ||
* [https://bitbucket.org/DaveeFTW/wk180-roptool-target | * [https://bitbucket.org/DaveeFTW/wk180-roptool-target] by '''Davee''' | ||
1.81 ROP: | 1.81 ROP: | ||
* [https://github.com/SMOKE5/VitaROP VitaROP] by '''SMOKE''' | * [https://github.com/SMOKE5/VitaROP VitaROP] by '''SMOKE''' | ||
2.60 webkit exploit PoC: | 2.60 webkit exploit PoC: | ||
* [https://bitbucket.org/DaveeFTW/psvita-260-webkit psvita-260-webkit] by '''Davee''' | * [https://bitbucket.org/DaveeFTW/psvita-260-webkit psvita-260-webkit] by '''Davee''' | ||
3.18 webkit exploit PoC: | 3.18 webkit exploit PoC: | ||
* [https://github.com/BrianBTB/codelion_poc codelion_poc] by '''Codelion''' and '''BrianBTB''' | * [https://github.com/BrianBTB/codelion_poc codelion_poc] by '''Codelion''' and '''BrianBTB''' | ||
3.15-3.18 memory dumping: | |||
* [https://github.com/BrianBTB/JSoS-Module-Dump-Release JSoS-Module-Dump-Release] by '''BrianBTB''' | * [https://github.com/BrianBTB/JSoS-Module-Dump-Release JSoS-Module-Dump-Release] by '''BrianBTB''' | ||
3.15-3.18 webkitties: | 3.15-3.18 webkitties: | ||
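Review bot: the "3.15-3.18 memory dumping:" label exists only in the latest-revision column while its JSoS-Module-Dump-Release entry stays on both sides, so after this undo the module dumper is listed under "3.18 webkit exploit PoC:" next to codelion_poc. Keep the label or move the entry. In the your-text column, "wk161]by" needs a space before "by", and the wk180-roptool-target link has no label text, unlike the other entries in this list.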
Line 224: | Line 185: | ||
Other tools: | Other tools: | ||
* [https://github.com/xyzz/vitadump vitadump IDA plugin] by '''xyz''' | * [https://github.com/xyzz/vitadump vitadump IDA plugin] by '''xyz''' | ||
* [https://bitbucket.org/Archaemic/memory-splicer memory-splicer] by '''Archaemic''' | |||
=== | === Code, Test & Tool === | ||
* [http://www.lolhax.org/vita.htm live test] | * [http://www.lolhax.org/vita.htm live test] [http://wololo.net/v/webkit/vita.htm live test (miror)], [http://wololo.net/v/260.htm live test (old)] | ||
* [http://wololo.net/downloads/index.php/download/8231 memtools_vita] https://github.com/BrianBTB/memtools_vita/ | |||
* [http://wololo.net/downloads/index.php/download/8233 ROPTool] | |||
* [http://wololo.net/downloads/index.php/download/8234 HTMLIt] | |||
** http://pastie.org/private/ugchhaqctvmw5rrg5w37ka <- load more modules for the JSoS module dumper :) | |||
* [http://pastebin.com/XNeALEbC SMOKE's Support_Uri Rop script] | |||
=== Webkit Modules === | === Webkit Modules === | ||
* http://rghost.net/private/59665268/46690bd89ae7f298e4df145059c0d3e2 (3.18 dump) | |||
* | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
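Review bot: in the your-text column the live test line labels a link "live test (miror)", which should read "mirror". That line also joins three links with inconsistent separators (a space after the first, a comma after the second); split them into separate list items or use one separator throughout. The memtools_vita, ROPTool, HTMLIt and Support_Uri entries and the 3.18 dump link appear only in the latest revision, so the edit summary should say why they are being dropped.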
Line 456: | Line 420: | ||
|- | |- | ||
| SceWebKitProcess || | | SceWebKitProcess || | ||
|- | |||
|} | |} | ||