Multiple Browsers DoS by Lostmon
Tested on Windows with IE7, IE8, Mozilla Firefox, Avant Browser,
Flock Browser and Safari. Opera Browser apparently is
not vulnerable.
In all cases the browser becomes slow and unresponsive and
the application hangs, resulting in a recoverable DoS issue.
The code plays with document.href and window.open.
I decided to obfuscate the code to make it difficult for others to look at it.
Internet Explorer:
Aplicación que no responde: iexplore.exe, versión 8.0.6001.17184,
módulo que no responde hungapp, versión 0.0.0.0, dirección
que no responde 0x00000000.
In IE 8 I was surprised, because if we open the exploit locally,
from the desktop for example, and we allow the ActiveX warning
and allow popups, Internet Explorer opens a window with the content of c:\
I was surprised because the URL (location.href) relative in the
exploit when we open it from the desktop is C:\documents and
settings\YOUR_USER\desktop\browser_die.html
so why does Explorer open a window with c:\ ... this is an incorrect
location.href location....
Flock Browser:
Aplicación que no responde: flock.exe, versión 1.1.1.0,
módulo que no responde hungapp, versión 0.0.0.0, dirección
que no responde 0x00000000.
Mozilla Firefox:
Aplicación que no responde: firefox.exe, versión 1.8.20080.31114,
módulo que no responde hungapp, versión 0.0.0.0, dirección que
no responde 0x00000000.
Avant Browser:
Aplicación que no responde: avant.exe, versión 11.5.0.0,
módulo que no responde hungapp, versión 0.0.0.0,
dirección que no responde 0x00000000.
In Avant Browser, if we have the popup blocker on, the browser
becomes unresponsive in a few seconds; if we don't have it on,
the browser detects that this is a slow script, but it hangs too.
Safari for Windows:
In Safari for Windows, if we have a window open with Google,
for example, and open the exploit in a new Safari window
and click the button, Safari opens a few popups,
and afterwards closes all popups and closes the other windows,
and also the first window that was open with Google :O
Demo of exploit:
Thanks to imydes from www.imydes.com for his support.
Regards:
Lostmon (lostmon@gmail.com)
Web-Blog: http://Lostmon.blogspot.com
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move...