SVG is an XML-based file format for static or animated images. Some SVG
specifications (like SVG 1.1 and SVG Tiny 1.2) allow some Java code to be
triggered when the SVG file is opened.

Given that I had to look at these features for a customer, I developed
some PoC code, which is now available online:

http://www.agarri.fr/docs/batik-evil.svg
http://www.agarri.fr/docs/batik-evil.jar

http://www.exploit-db.com/sploits/18890.svg
http://www.exploit-db.com/sploits/18890.jar

I published a more detailed article on my blog:
http://www.agarri.fr/blog/

Regards,
Nicolas Grégoire / @Agarri_FR
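
A pre-render check for the feature described above, as an added example that is not part of the original post or the author's PoC. It assumes Java code is referenced through a script or handler element whose type is application/java-archive (the media type the SVG specifications use for Java archives) or whose link ends in .jar; the function name and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
JAVA_ARCHIVE = "application/java-archive"   # assumption: not stated on the page
SCRIPT_TAGS = ("script", "handler")         # SVG 1.1 / SVG Tiny 1.2 scripting elements

# Constructed sample inputs (not the published PoC files).
SAMPLE_JAVA = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
  <script type="application/java-archive"
          xlink:href="http://example.invalid/handler.jar"/>
  <circle r="10"/>
</svg>"""

SAMPLE_BENIGN = """<svg xmlns="http://www.w3.org/2000/svg" version="1.1">
  <script type="text/ecmascript">var x = 1;</script>
  <circle r="10"/>
</svg>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def find_java_references(svg_text):
    """Return (element, type, href) for every scripting element that
    points at Java code, so the file can be rejected before rendering."""
    root = ET.fromstring(svg_text)
    # A root-level contentScriptType sets the default for untyped scripts.
    default_type = (root.get("contentScriptType") or "").strip().lower()
    findings = []
    for el in root.iter():
        if local_name(el.tag) not in SCRIPT_TAGS:
            continue
        ctype = (el.get("type") or default_type).strip().lower()
        href = el.get(XLINK_HREF) or el.get("href") or ""
        path = href.lower().split("?", 1)[0].split("#", 1)[0]
        if ctype == JAVA_ARCHIVE or path.endswith(".jar"):
            findings.append((local_name(el.tag), ctype, href))
    return findings


if __name__ == "__main__":
    for name, doc in (("java", SAMPLE_JAVA), ("benign", SAMPLE_BENIGN)):
        print(name, find_java_references(doc))
```

A non-empty result is a reason to refuse the file or to render it with scripting disabled; an empty result only means this one pattern was not found.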