httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 58599] New: Self XSS Leading to Extremely simple DoS
Date Sun, 08 Nov 2015 20:08:29 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=58599

            Bug ID: 58599
           Summary: Self XSS Leading to Extremely simple DoS
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: Macintosh
            Status: NEW
          Severity: major
          Priority: P2
         Component: All
          Assignee: bugs@httpd.apache.org
          Reporter: pabstersac@gmail.com

This is a bug in the way that your server strips javascript: in the url, and
which is not helped by the way that when a person puts in the url 3.3.3.3 it is
still connected to the original server which definitely makes the exploit
easier to reproduce. This is an extremely simple DoS attack which can be made
by sending a specially crafted javascript: request while the page is loading,
which will create a strange infinite loop which will eventually result in DoS.
The javascript request I use is javascript:document.write(0); putting that in
the url while the website is loading will return a blank page with a 0 and with
a url of the website that was loading, that will keep on loading unsuccessfully
infinitely, and if done for more than once and enough time can lead to DoS. But
any javascript request containing document.right will work to perform the DoS.
There is no patch available and it is extremely easy to perform. How I do it is
I usually just go to the website being hosted by apache then change the url for
3.3.3.3 and when it is loading change the url again for
javascript:document.write(0);

In the Hackerone Apache Bug Bounty this bug would be in the Important section.

Hope it helps :) :P

Hackerone=pabstersac
