On 5 Aug 2010, at 10:13, Ryan Sears wrote:

> Well I'm no expert but I'm going to see if I can reverse engineer the PDFs used for jailbreaking (obviously I'd need an ARM assembly book or someone who knows it :-P) and figure out exactly what they're doing. I agree with what was said earlier, I'm not saying they're doing something malicious, but if I wanted to backdoor thousands of phones this is how I'D do it.

It didn't work for me. I use VoiceOver, which didn't like the (fake) slider implemented in JavaScript, so I had to spoof the UA on a Mac, grab the source, inspect it, grab the PDF, email it to myself ... it didn't work. :-( iPhone 3GS = 2,1, yes?

> Either way anyone interested in doing the same I've discovered that the
> webserver (lighttpd 1.4.19) drops the index if you GET a null byte.
>
> http://www.jailbreakme.com/%00

Nice, did you just try it in case it might work, or does this constitute a vuln that wants fixing in current lighttpd? It's just that indexing happens to be enabled on http://jailbreakme.com/_/ too.

> Also if anyone knows how to get in contact with any of the admins for the
> site (or anyone who runs it for that matter) please either let me know or let
> them know.

Ditto, thanks.

Cheers,
Sabahattin
