Skip to content

Latest commit

 

History

History
54 lines (28 loc) · 2.11 KB

README.md

File metadata and controls

54 lines (28 loc) · 2.11 KB

safari-ie-reaper.github.io

I've created this simple HTML page to test the CSS webkit filter DoS attack created by pwnsdx

Original Git here: https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea"

Original Tweet here: tweet/pwnsdx

The page would be this:

Alt text

The Exploit it works on Safari and IE (and i think Edge) on Windows, Safari (Mac iPhone, iPad etc.),
and some user he says it also works on Ubuntu, but I do not know what browser it is...
Don't works on Chrome, Opera and Mozilla (I wonder why it does not surprise me ....).

In practice with this technique you can crash the browser,
regardless of whether it is on PC, smartphone, etc.
On iPhone and Mac (and Ubuntu maybe) can also restart the the machine.

The original version used a background encoded image in base64,
i have instead used a normal url to make the code easier to study.


Alt text


Test at your risk here: https://jonnybanana.github.io/safari-ie-reaper.github.io/

Alt text

Here instead i have put on the site the original version make by pwnsdx:
https://jonnybanana.github.io/safari-ie-reaper.github.io/Original_Version


I also made a short video showing the bug, just click on the image below:

Safari-IE-Reaper