Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
cool IE-8 CSS-based DoP bug
Posted by: sirdarckcat
Date: September 17, 2009 12:08AM

Link: http://edskes.net/ie8overflowandexpandingboxbugs.htm

The idea is that if you have this piece of code somewhere in the page:

<div style=float:left;max-height:1px;overflow:scroll></div>

It will erase absolutely everything in the webpage..

The simplest test case:

<!DOCTYPE html><div style=float:left;max-height:1px;overflow:scroll></div>asdf

I think it is very cool! Even though we can already do something similar with absolute positioning, this one is cleaner I think :)

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 1 time(s). Last edit at 09/17/2009 12:50AM by sirdarckcat.

Re: cool IE css-based DoS bug, ideas?
Posted by: thrill
Date: September 17, 2009 12:21AM

So it's a DoP.. denial of pr0n..

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: cool IE css-based DoS bug, ideas?
Posted by: sirdarckcat
Date: September 17, 2009 12:50AM

hahahahaha sweet, title changed

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: cool IE-8 CSS-based DoP bug
Posted by: rvdh
Date: September 17, 2009 01:58AM

Eh, that would be the same as setting a display:none / display:block on the body or something similar, works everywhere.



Edited 1 time(s). Last edit at 09/17/2009 01:59AM by rvdh.

Re: cool IE-8 CSS-based DoP bug
Posted by: sirdarckcat
Date: September 17, 2009 03:40AM

If you control the body, yeah it's the same.

If you only control part of the code (google docs/SNS/filtered sites/etc..) you can use this..

anyway, as I said, we can already do this with absolute positioning.

<div style="position:fixed;top:0px;left:0px;z-index:1000;background-color:white;">

But as said before, this is cleaner.

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Re: cool IE-8 CSS-based DoP bug
Posted by: rvdh
Date: September 17, 2009 04:35AM

Not necessarily, you can inject this anywhere in a page, even below all content:

<style>body { display:none; }</style>

Since CSS is cascading it overrules everything.

Re: cool IE-8 CSS-based DoP bug
Posted by: Anonymous User
Date: September 17, 2009 05:01AM

HTML 5 doesn't need a body anymore.
<style>*{display:none;
would be my choice :)

Re: cool IE-8 CSS-based DoP bug
Posted by: sirdarckcat
Date: September 17, 2009 05:04AM

haha, well, in that matter try:

opacity:0;

that is more fun than display! you dunno what you are clicking xD.

Anyway, sites that filter display: and <style> tags can be attacked using this.. since it has no requirements.

Greetings

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat
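
The filtering point made in the post above, shown as an added example that is not code from the thread: a filter that strips only known-bad declarations passes the style values quoted here, while an allowlist drops them without having to name them. `blocklistFilter`, `allowlistFilter` and the `ALLOWED` table are hypothetical names and an assumed policy; the sample strings are the style values from the posts plus one constructed mixed case.

```javascript
// Split "a:b;c:d" into lowercased [property, value] pairs.
// Deliberately naive: whatever it mis-parses fails the allowlist check below.
function parseDeclarations(style) {
  return String(style).split(';').map((decl) => {
    const i = decl.indexOf(':');
    if (i < 0) return null;
    return [decl.slice(0, i).trim().toLowerCase(), decl.slice(i + 1).trim().toLowerCase()];
  }).filter(Boolean);
}

const serialize = (pairs) => pairs.map(([p, v]) => `${p}:${v}`).join(';');

// Hypothetical blocklist filter of the kind described in the thread:
// it removes only the declarations it knows to be dangerous.
function blocklistFilter(style) {
  return serialize(parseDeclarations(style).filter(([p]) => p !== 'display'));
}

// Assumed allowlist: text-level properties only, each with a strict value pattern.
// Layout and visibility properties (float, position, overflow, opacity, ...) are
// never listed, so they are dropped without having to be enumerated.
const ALLOWED = {
  'color': /^(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]+)$/,
  'background-color': /^(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]+)$/,
  'font-weight': /^(normal|bold)$/,
  'font-style': /^(normal|italic)$/,
  'text-decoration': /^(none|underline|line-through)$/,
};

function allowlistFilter(style) {
  return serialize(parseDeclarations(style).filter(
    ([p, v]) => Object.prototype.hasOwnProperty.call(ALLOWED, p) && ALLOWED[p].test(v)));
}

// Constructed sample input: style values quoted in the thread, plus one mixed case.
const SAMPLES = [
  'float:left;max-height:1px;overflow:scroll',
  'position:fixed;top:0px;left:0px;z-index:1000;background-color:white;',
  'opacity:0;',
  'color:red;display:none',
];

for (const s of SAMPLES) {
  console.log(JSON.stringify({ input: s, blocklist: blocklistFilter(s), allowlist: allowlistFilter(s) }));
}
```
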

Re: cool IE-8 CSS-based DoP bug
Posted by: rvdh
Date: September 17, 2009 08:38AM

lol yeah there are a dozen tags that can do something similar.
