Multiple Browsers DoS by evil javascript code

Sunday, April 06, 2008

Multiple Browsers DoS by Lostmon


Tested in windows with IE7,IE8,Mozilla Firefox,Avant browser,
Flock Browser,Safari browser, Opera Browser aparently is
not vulnerable.

In all cases the browser become slow & unresponsive and
aplication is hang, resulting in a recoverable DoS issue.
The code play with the document.href ,window.open.

I decide to ofuscate the code to dificult others to look.

Internet Explorer:
Aplicación que no responde: iexplore.exe, versión 8.0.6001.17184,
módulo que no responde hungapp, versión 0.0.0.0, dirección
que no responde 0x00000000.

In ie 8 i have surprised, because if we open the exploit localy
from the desktop for example ... and we allow the activex warnnig
and allow popups , iexplorer opens a window with the contentcof c:\

I have surprised because the url(location.href) relative in the
exploit wen we open from desktop is C:\documents and
settings\YOUR_USER\desktop\browser_die.html

so why explorer opens a window with c:\ .. this is a incorrect
location.href location....

Flock Browser:

Aplicación que no responde: flock.exe, versión 1.1.1.0,
módulo que no responde hungapp, versión 0.0.0.0, dirección
que no responde 0x00000000.

Mozilla Firefox:
Aplicación que no responde: firefox.exe, versión 1.8.20080.31114,
módulo que no responde hungapp, versión 0.0.0.0, dirección que
no responde 0x00000000.


Avant Browser:
Aplicación que no responde: avant.exe, versión 11.5.0.0,
módulo que no responde hungapp, versión 0.0.0.0,
dirección que no responde 0x00000000.

In avant browser if we have on the popups blocker the browser
become unresposive in a few seconds , if wen don´t have on,
the browser detect that this is a slow script, but become hang too.

Safari For windows:

In safari for windows ,if we have open a window with google
for example,and open the exploit in a new safari window with
the exploit an click in the button,safari opens a few popups,
and aftter close all popups and close of other windows.
too the first window what open with google :O

Demo of exploit:



Thnx to imydes from www.imydes.com for his support.

Atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://Lostmon.blogspot.com
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente...

Latest OSVDB Vulnerabilities

 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...