Full Disclosure mailing list archives
Browser bugs [DoS] - Do they bite?
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sun, 11 Apr 2004 01:32:34 -0700
Browser bugs [DoS] ... where will you draw a line?

DoS bugs that cause permanent damage are treated differently, of course. For example, I could imagine a bug that would corrupt some critical file

what about Browser bugs[DoS] a XSS vulnerable site? simple javascript leveraged against a host that has a XSS issue. so if you could embed <script>javascript:location.reload()</script> in a high traffic, XSS'able site, you could cause a denial of service to the webserver from the users trying to view the site.

http://host/stupidscript?someoption=<script>javascript:location.reload()</script

will continually refresh to http://host/stupidscript , since it is XSS'able, the server returns the script only to be executed again and again and ( you get the picture )

could be used legitimately for a "net-sit-in" to deny a site as well.

see: http://nothackers.org/pipermail/0day/2003-October/000236.html

and exactly why does this produce such an odd result?

http://ws.arin.net/cgi-bin/whois.pl?queryinput=<script>javascript:location.reload()</script>

Search results for:
(N) orwegian Telecommunications Administration (OTA)
(A) sian Development Bank (SDB-1)
USDA - Office of Operations (UOO)
Shipleys Donut Shops

( yum! donuts. but they did fix their XSS )

m.wood
http://exploitlabs.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
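
A defender-side way to spot the reload loop described above in web server logs, as an added example that is not part of the original post: it flags any client that re-requests a URL whose query string carries a script tag more than `max_hits` times within `window_s` seconds. The Common Log Format, the thresholds, the client addresses and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import unquote_plus, urlsplit

# Assumed Common Log Format: client, timestamp, request line, status, size.
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+')
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)

def find_reload_loops(lines, max_hits=5, window_s=10):
    """Return {(client, path): peak_hits} for script-bearing URLs that one
    client requested more than max_hits times inside a sliding window."""
    recent = defaultdict(deque)   # (client, path) -> timestamps in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not in the assumed format, skip
        client, ts, target = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        url = urlsplit(target)
        # Decode first: the reflected payload is usually percent-encoded.
        if not SCRIPT_RE.search(unquote_plus(url.query)):
            continue
        key = (client, url.path)
        hits = recent[key]
        hits.append(when)
        while (when - hits[0]).total_seconds() > window_s:
            hits.popleft()        # drop requests older than the window
        if len(hits) > max_hits:
            flagged[key] = max(flagged.get(key, 0), len(hits))
    return flagged

def _line(client, second, target):
    """Build one constructed log line at 01:32:<second>."""
    return (f'{client} - - [11/Apr/2004:01:32:{second:02d} -0700] '
            f'"GET {target} HTTP/1.1" 200 512')

# Constructed sample: the URL shape is the one quoted in the post.
PAYLOAD_URL = ("/stupidscript?someoption="
               "%3Cscript%3Ejavascript:location.reload()%3C/script%3E")
SAMPLE = (
    [_line("192.0.2.10", s, PAYLOAD_URL) for s in range(8)]      # reload loop
    + [_line("192.0.2.20", s, "/index.html") for s in range(8)]  # busy, benign
    + [_line("192.0.2.30", 5, PAYLOAD_URL)]                      # single hit
)

if __name__ == "__main__":
    print(find_reload_loops(SAMPLE))
```

A hit here points at the reflected parameter that needs output encoding; rate limiting only reduces the load while the page still echoes the script.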