[Full-disclosure] Fun with DHTML

2006-03-22 Thread H D Moore
How many bugs can you find in your browser? The recent IE issues only scratched 
the surface of the DHTML/behavior bugs. The HTML/JS page below can be 
used to find all sorts of bugs in different browsers. I stopped caring 
about these after the first three invalid dereferences.

http://metasploit.com/users/hdm/tools/hamachi/hamachi.html

-HD

PS. If you find something easily exploitable, at least give the vendor a 
heads-up. Some of the new folks on the MS IE team are the same people who 
posted bugs to this list a couple years ago, so cut them some slack :-)

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Fun with DHTML

2006-03-22 Thread Stelian Ene
H D Moore wrote:
> How many bugs can you find in your browser? The recent IE issues only scratched 
> the surface of the DHTML/behavior bugs. The HTML/JS page below can be 
> used to find all sorts of bugs in different browsers. I stopped caring 
> about these after the first three invalid dereferences.
> 
> http://metasploit.com/users/hdm/tools/hamachi/hamachi.html

Nice work!

On the IE front, besides the now known createTextRange() problem, no other high
risk behavior is observed.
However, your tool will uncover a *new, low risk IE vulnerability* (DoS). When
using the removeAttribute() method on certain HTML elements, a NULL pointer is
accessed, leading to a browser crash. The vulnerable elements are FORM, TABLE,
and SELECT:





function nullptr(){
a=document.getElementById('s').removeAttribute(0);
}





Re: [Full-disclosure] Fun with DHTML

2006-03-23 Thread Georgi Guninski
On Wed, Mar 22, 2006 at 04:22:27PM -0600, H D Moore wrote:
> PS. If you find something easily exploitable, at least give the vendor a 
> heads-up. Some of the new folks on the MS IE team are the same people who 
> posted bugs to this list a couple years ago, so cut them some slack :-)
>

a triple more reasons to send all of your 0days to m$:

1. only you can save mankind
(they still need you, so it is not clear if several years old tru$tworthy
computing can save mankind)
2. help bill get richer
3. help m$ security engineers get bigger bonus/salary for handling the
"incident" properly

-- 
where do you want bill gates to go today?
EOM



junk




Re: [Full-disclosure] Fun with DHTML

2006-03-23 Thread H D Moore
On Thursday 23 March 2006 13:44, Georgi Guninski wrote:
> a triple more reasons to send all of your 0days to m$:

Can always count on you Georgi :-)

> 1. only you can save mankind
> (they still need you, so it is not clear if several years old
> tru$tworthy computing can save mankind)

You are the ONE!

> 2. help bill get richer

Hell yeah, can't let that IKEA guy take the title for richest man!

> 3. help m$ security engineers get bigger bonus/salary for handling the
> "incident" properly

If that means they pay for drinks next time I am in Seattle, more power to 
them. Would you prefer that money to go to the security engineer or to 
the anti-ODF marketing campaign? The way I see it, the more cash 
Microsoft diverts into the security, the less they will be spending on 
efforts I disagree with :-)

-HD



Re: [Full-disclosure] Fun with DHTML

2006-03-23 Thread Georgi Guninski
On Thu, Mar 23, 2006 at 02:03:33PM -0600, H D Moore wrote:
> > 3. help m$ security engineers get bigger bonus/salary for handling the
> > "incident" properly
> 
> If that means they pay for drinks next time I am in Seattle, more power to 
> them. Would you prefer that money to go to the security engineer or to 

0days for drinks in Seattle - an irresistible offer

how could you have paid your drinks so long if they are not on m$?

-- 
where do you want bill gates to go today?
EOM

junk

