[Full-Disclosure] Netscape Communicator META Refresh Denial of Service

• Previous message: Matthew Murphy: "[Full-Disclosure] BadBlue - Unauthorized Administrative Command Execution"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The "META" tag can be used to specify several things, including
document properties, and HTTP headers.  Among the HTTP
header equivalents it can specify is a "Refresh" member.

Refresh has this syntax:

<meta http-equiv="refresh" content="[delay]; URL=[page]">

delay - A number of seconds to wait for reload.  If omitted,
no delay is observed and the page is refreshed immediately.

page - This is the URL to navigate to when the refresh occurs

If a META Refresh navigates to itself with no delay, Netscape
will loop, causing a stupid DoS.

I tested this on Netscape 6.2.1 for Win9x/Me, but other versions
may be vulnerable.

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown

_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosureat_private
http://lists.netsys.com/mailman/listinfo/full-disclosure

• Next message: Matthew Murphy: "BadBlue - Unauthorized Administrative Command Execution"
• Previous message: Matthew Murphy: "[Full-Disclosure] BadBlue - Unauthorized Administrative Command Execution"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jul 20 2002 - 11:08:43 PDT