[23434] in bugtraq
Re: Crashing X
daemon@ATHENA.MIT.EDU (John Scimone)
Sat Dec 8 03:30:39 2001
Content-Type: text/plain;
charset="iso-8859-1"
From: John Scimone <jscimone@cc.gatech.edu>
To: bugtraq@securityfocus.com
Date: Fri, 7 Dec 2001 18:49:30 -0500
In-Reply-To: <01120720451400.04541@mainframe>
MIME-Version: 1.0
Message-Id: <01120718493001.14355@ks40.eastnet.gatech.edu>
Content-Transfer-Encoding: 8bit
If this is true couldn't a malicious website simply set the initial value of
the form then use javascript to submit it upon loading the page causing the
clients X to crash?
ie.
<input type="text" value="(9000 A's)">
and have a body onload=document.forms[0].submit()?
John Scimone
CS Major @ Ga Tech
On Friday 07 December 2001 04:26 pm, you wrote:
> I have discovered a little bug in K Desktop 2.1.2 that crashes your X
> Server.
>
> By using the konqueror web browser and inputting around 9000+ A's (or
> whatever) into a search box (for instance www.yahoo.com's web search box) -
> this will crash your X environment.
>
> I have successfully done it using 9000 A's on one search box (crashing X
> instantly), then I used 90'000 and it also worked - but without immediate
> effect (took a few seconds).
>
> It also sometimes seems to work by just pasting 900000 A's into a search
> box and before it even displays the A's X crashes. (note: If you want it
> to display the A's before X crashes paste 9000, then as soon as you click
> to start the search - its bye bye X).
>
> Sorry but I can only test it on KDE 2.1.2, because I have no other systems
> available right now.
>
> By the way:
>
> [smackenz@mainframe smackenz]$ uname -a
> Linux mainframe 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown
> (Rehat 7.1)
> (KDE 2.1.2)
> (this works in Gnome and KDE using with the konqueror web browser)
>
> To test simply use a shell and type:
>
> perl -e 'print "A" x 9000'
>
> Then copy these, and paste them into a search form.
>
> Also I tried this in netscape and it didn't work so it suggests its a
> konqueror error somewhere or other.
>
> Cheers
>
> Scott Mackenzie
