[Full-Disclosure] Browser bugs [DoS] - Do they bite?

From: morning_wood (se_cur_ity_at_hotmail.com)
Date: 04/11/04

  • Next message: mmo_at_remote-exploit.org: "Re: [Full-Disclosure] Cisco LEAP exploit tool..."
    To: <full-disclosure@lists.netsys.com>
    Date: Sun, 11 Apr 2004 01:32:34 -0700
    
    

    > > Browser bugs [DoS] ... where will you draw a line?
    >
    > DoS bugs that cause permanent damage are treated differently, of course.
    > For example, I could imagine a bug that would corrupt some critical file

    what about Browser bugs[DoS] a XSS vulnerable site?
    simple javascript leveraged against a host that has a XSS issue.
    so if you could embed <script>javascript:location.reload()</script>
    in a high traffic, XSS'able site, you could cause a denial of service
    to the webserver from the users trying to view the site.

    http://host/stupidscript?someoption=>javascript:location.reload()</script>

    will continually refresh to http://host/stupidscript , since it is XSS'able, the
    server returns the script only to be executed again and again and ( you get the
    picture )
    could be used legitimately for a "net-sit-in" to deny a site as well.

    see: http://nothackers.org/pipermail/0day/2003-October/000236.html

    and exactly why does this produce such an odd result?
    http://ws.arin.net/cgi-bin/whois.pl?queryinput=>javascript:location.reload()</script>

    Search results for:
    (N) orwegian Telecommunications Administration (OTA)
    (A) sian Development Bank (SDB-1)
    USDA - Office of Operations (UOO)
    Shipleys Donut Shops

     ( yum! donuts. but they did fix their XSS )

    m.wood
    http://exploitlabs.com

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
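
Added example (not part of the original post or the list archive): a Python sketch of how a defender could spot the reload loop described in the message above in web-server access logs, by flagging a client that re-requests the same URL carrying script markup in its query string many times within a short window. The log lines, the threshold and the window are constructed assumptions; the path and parameter name reuse the post's placeholder URL.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed sample data (not from the post): six reloads one second apart from
# one client, normal page views, and a single view from a second client.
XSS_URL = "/stupidscript?someoption=%3Cscript%3Ejavascript:location.reload()%3C/script%3E"
SAMPLE_LOG = "\n".join(
    [f'192.0.2.10 - - [11/Apr/2004:01:30:{s:02d} -0700] "GET {XSS_URL} HTTP/1.1" 200 512'
     for s in range(6)]
    + [f'192.0.2.10 - - [11/Apr/2004:01:31:{s:02d} -0700] "GET /index.html HTTP/1.1" 200 900'
       for s in range(6)]
    + [f'198.51.100.7 - - [11/Apr/2004:01:30:02 -0700] "GET {XSS_URL} HTTP/1.1" 200 512']
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" \d{3}\b')
MARKUP_RE = re.compile(r"<\s*/?\s*script|javascript:", re.IGNORECASE)

def find_reload_loops(log_text, threshold=5, window=timedelta(seconds=10)):
    """Return {(client, url): peak hits in window} for suspected reload loops."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        client, stamp, url = m.groups()
        query = url.partition("?")[2]
        # Only URLs whose decoded query string reflects script markup matter here.
        if not MARKUP_RE.search(unquote_plus(query)):
            continue
        hits[(client, url)].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for key, times in hits.items():
        times.sort()
        start = peak = 0
        for end, when in enumerate(times):
            while when - times[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged

if __name__ == "__main__":
    for (client, url), peak in find_reload_loops(SAMPLE_LOG).items():
        print(f"{client} requested {url} {peak} times within 10s")
```

A single request with script markup (the second client in the sample) stays below the threshold, so only the looping client is reported.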

