
Exclusive Updates from 'Rafay Hacking Articles'

Newsletter


Latest News Jul 31, 2014

Puffin Web Browser Pop Up Recursion Vulnerability - DOS

During my recent security research on "Puffin Web Browser" I found several security bugs with "Puffin Web Browser" ranging from low to high risk issues. My recent post " ...

Puffin Web Browser Address Bar Spoofing Vulnerability


During my recent research on mobile browsers I have managed to find a couple of interesting vulnerabilities, such as SOP bypass, denial of service and address bar spoofing, which are worth a writeup. However, in the following writeup I would discuss an " ...

Nokia Asha Series Lock Screen Bypass


There have been a lot of lock screen bypasses lately in almost every mobile device, such as iPhone, Samsung Galaxy, HTC etc., and if you observe carefully most of them rely upon abusing the " ...

HTML5 Modern Day Attack And Defence Vectors

Lately, a lot of people have been asking me the reason for my absence and for not being active on RHA. The answer is that there are countless factors, of which I have lost count myself. Had it been one, I might have remembered it. First of all, I was very busy with my studies, and I had also been working on my final year project because it's right around the corner. All this work had been consuming a lot of my time, and then came the task of promoting my upcoming book " ...

Rhainfosec XSS Challenge 2 - Writeup

Last week, we announced our second XSS challenge after the tremendous success of our first XSS challenge. The challenge was based upon a blacklist based protection and the goal was to execute javascript alert(1). We had a huge number of participants for the challenge and in total we had more than 15k attempts for breaking the XSS filter. Out of which only 15 were worthy enough to break it. ...


Rafay Hacking Articles | Karachi, Pakistan 44000
Contact: rafayhackingarticles@gmail.com

Hacking and Cracking


Puffin Web Browser Pop Up Recursion Vulnerability - DOS

Posted: 29 Jul 2014 06:47 PM PDT

During my recent security research on "Puffin Web Browser" I found several security bugs with "Puffin Web Browser" ranging from low to high risk issues. My recent post "Puffin Web Browser Address Bar Spoofing" already talked about a high risk vulnerability inside Puffin Web browser. 

However, today I would like to discuss a low/medium risk issue known as the "Pop Up Recursion" vulnerability, which results in a denial of service. This is a known issue that has already been addressed in the past in browsers such as Google Chrome; however, Puffin Web Browser is still affected by it.

Vulnerability

The vulnerability occurs due to mishandling of the location.reload function, which keeps reloading the document. However, the issue more likely lies in not limiting the pop-ups, or simply in offering no way to ignore further prompts.

Expected Result


Puffin Web Browser should have opened a new window with a single alert box.

What actually happened? 


Puffin Web Browser recursively opens a new window each time the OK button is pressed, and there is no way to prevent the page from creating additional pop-ups, as there is in Chrome, IE, etc.

Puffin Web Browser



On pressing the "OK" button, it reloads a copy of the current document in a new tab; on pressing "OK" in the second window, it reloads another copy of the current document in a new tab. This keeps growing until the browser finally crashes.

Chrome


In "Chrome" for Android, this effect is limited by offering a checkbox to prevent the current document from creating additional dialogs.

POC

The following is a simple proof of concept:
<html>
<title>Puffin Web Browser Pop Up Recursion DOS</title>
<body>
<script>
window = window.open(location.reload('http://rafayhackingarticles.net'));
window.alert(window)
</script>
</body>
</html>

Fix

The Puffin Web Browser team has acknowledged the issue and has promised a fix in the next versions.
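
A model of the two browser-side limits discussed above (a cap on script-opened windows and a "prevent additional dialogs" option), as an added example that is not part of the original post and is not Puffin or Chrome code. The names DialogGuard and simulate, the origin strings and the default limits are assumptions made for illustration.

```javascript
// Hypothetical per-origin guard a browser could apply to pop-ups and dialogs.
class DialogGuard {
  constructor({ popupBudget = 1, offerSuppressAfter = 1 } = {}) {
    this.popupBudget = popupBudget;               // script-opened windows allowed per origin
    this.offerSuppressAfter = offerSuppressAfter; // dialogs shown before the checkbox appears
    this.state = new Map();                       // origin -> { popups, dialogs, suppressed }
  }
  entry(origin) {
    if (!this.state.has(origin)) {
      this.state.set(origin, { popups: 0, dialogs: 0, suppressed: false });
    }
    return this.state.get(origin);
  }
  // May a window.open() made without a user gesture proceed?
  allowPopup(origin) {
    const e = this.entry(origin);
    if (e.popups >= this.popupBudget) return false;
    e.popups += 1;
    return true;
  }
  // May an alert() be shown, and should it carry the "prevent additional dialogs" checkbox?
  requestDialog(origin) {
    const e = this.entry(origin);
    if (e.suppressed) return { show: false, offerSuppress: false };
    e.dialogs += 1;
    return { show: true, offerSuppress: e.dialogs > this.offerSuppressAfter };
  }
  suppress(origin) { this.entry(origin).suppressed = true; }
}

// Replays the loop from the write-up: every load opens a copy of the page and
// raises an alert, and pressing OK triggers the next load. guard === null models
// a browser with no limits; maxRounds only bounds the simulation.
function simulate(guard, origin, maxRounds) {
  let windows = 0, dialogs = 0;
  for (let round = 0; round < maxRounds; round++) {
    if (guard ? guard.allowPopup(origin) : true) windows += 1;
    const d = guard ? guard.requestDialog(origin) : { show: true, offerSuppress: false };
    if (!d.show) break;                          // no dialog means no OK press: loop ends
    dialogs += 1;
    if (d.offerSuppress) guard.suppress(origin); // the user ticks the checkbox
  }
  return { windows, dialogs };
}

const origin = "https://poc.example";            // constructed sample origin
console.log("no limits:", simulate(null, origin, 200));
console.log("guarded:  ", simulate(new DialogGuard(), origin, 200));
```
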





Latest News Jul 29, 2014


A Simple Design Flaw In Qmobile's Messaging System



Introduction

This post describes a simple design flaw inside of Qmobile handsets and describes why you shouldn't rely upon built in password protection mechanisms and why encryption is the best solution rather than using password protection mechanism. ...
