Fwd: Multiple Browsers DoS by evil javascript code

0 views
Skip to first unread message

Lostmon lords

unread,
Apr 6, 2008, 12:37:51 PM4/6/08
to vu...@secwatch.co.uk, Vu...@frsirt.com, moder...@osvdb.org, bu...@securitytracker.com, vu...@securityfocus.com, vu...@secunia.com, vu...@k-otik.com, submi...@packetstormsecurity.org, ne...@securiteam.com, xfo...@iss.net, ale...@zataz.net, da...@systemsecure.org, los...@googlegroups.com, Jose Luis Lopez
---------- Forwarded message ----------
From: Lostmon lords <los...@gmail.com>
Date: 06-abr-2008 15:44
Subject: Multiple Browsers DoS by evil javascript code
To: "product-...@apple.com" <product-...@apple.com>,
Microsoft Security Response Center <sec...@microsoft.com>,
aut...@avantbrowser.com


The exploit is attached in the rar file and the password is "infected"
a online exploit is also available at :
http://usuarios.lycos.es/reyfuss/xss/images/explorer/browser_die.html
and the original article acn be found at
http://lostmon.blogspot.com/2008/04/multiple-browsers-dos-by-evil.html

thnx to all !! for interesting...

Multiple Browsers DoS by Lostmon

Tested in windows with IE7,IE8,Mozilla Firefox,Avant browser,Flock
Browser,Safari browser
Opera Browser aparently is not vulnerable
In all cases the browser become slow & unresponsive and aplication is hang,
resulting in a recoverable DoS issue. The code play with the
document.href ,window.open.

i ofuscate the code to dificult others to look

XDDDDDD

Internet Explorer:

Aplicación que no responde: iexplore.exe, versión 8.0.6001.17184,
módulo que no responde hungapp, versión 0.0.0.0, dirección
que no responde 0x00000000.

In ie 8 i have surprised, because if we open the exploit localy from
the desktop for example ...
and we allow the activex warnnig and allow popups , iexplorer opens a
window with the content
of c:\ .


i have surprised because the url(location.href) relative in the
exploit wen we open from desktop
is C:\documents and settings\YOUR_USER\desktop\browser_die.html
so why explorer opens a window with c:\ .. this is a incorrect
location.href location....


Click button to begin the exploit !!!

Flock Browser:
Aplicación que no responde: flock.exe, versión 1.1.1.0,
módulo que no responde hungapp, versión 0.0.0.0, dirección
que no responde 0x00000000.


Mozilla Firefox:
Aplicación que no responde: firefox.exe, versión 1.8.20080.31114,
módulo que no responde hungapp, versión 0.0.0.0, dirección que
no responde 0x00000000.

Avant Browser:
Aplicación que no responde: avant.exe, versión 11.5.0.0,
módulo que no responde hungapp, versión 0.0.0.0,
dirección que no responde 0x00000000.

In avant browser if we have on the popups blocker the browser
become unresposive in a few seconds , if wen don´t have on,
the browser detect that this is a slow script, but become hang too.

Safari For windows:
In safari for windows ,if we have open a window with google for example,
and open the exploit in a new safari window with the exploit an click
in the button,
safari opens a few popups , and aftter close all popups and close
too the first window what open with google :O


Atentamente:
Lostmon (los...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente...

browser_die.rar
Reply all
Reply to author
Forward
0 new messages