Bugtraq mailing list archives
New exploit can freeze web browsers!
From: Michael Wheaton <dubsydesign () YAHOO COM>
Date: Fri, 11 Aug 2000 19:33:09 -0700
Everyone wants to freeze someone's computer when they read an e-mail, right? Hotmail has put their security way up but still Yahoo!Mail and hundreds of others can be used to freeze a person's computer easily! As you know, JavaScript can be used to execute functions on a person's computer without their permission to do so. A while ago you used to be able to execute JavaScript on HotMail but they've completely removed that possibility for now. JavaScript has been blocked out of many other popular e-mail programs but I have discovered a method to get past this. By enclosing the JavaScript inside an IMG tag you can still execute it! Also, change "javascript" to "javasCript" and it will get past more e-mail programs! Here is what I use: <IMxxxG SRxxC="javasxxxCript:fxxxor(var ixxx = 0; xxi < 500; i++) winxxxdow.openxx('http:://wxxxww.eat.com');"> Please note that for your protection a bunch of the letter "x" has been inserted. Simply remove the "x"s and it should work just fine. It will immediately begin to execute 500 pop up windows, enough to crash web browsers and even freeze the computer! It has been tested on YahooMail and a couple of others and worked great! Send it out to anyone you want and it should freeze their computer wonderfully. For extra good results make the image width= "0000000000000000000000000000000000000001" or something like that. The large size will mess up the browser even more! Hope you have lots of fun with this. It can also be adapted to a web page! __________________________________________________ Do You Yahoo!? Yahoo! Mail Free email you can access from anywhere! http://mail.yahoo.com/
Current thread:
- New exploit can freeze web browsers! Michael Wheaton (Aug 14)
- Re: New exploit can freeze web browsers! Marc Slemko (Aug 15)