browser crash !

[Sharc]

example:

Sharc.ru/%%30%30

Place your link
http://Sharc.ru/
What is the essence:
(ie at the end of the address of any site to add "%% 30% 30")
That drop occurs browser

%%30%30

 

[ehthe]

Did not quite understand

 

[Supervisor]

I guess you use a pretty outdated browser. Does not work for firefox

 

[Sharc]

Does not work for firefox , IE

 

[Bluscream]

Does crash my Chrome Version 47.0.2508.0 dev-m (64-bit) even when just hovering over the link

 

[Derp]

Not working

Tried on

Chrome 45.0.2454.93(Official Build)m(32-bit)
Mozilla Firefox 40.0.3

 

[User_418]

Chrome/Chromium-based (some Linux builds aren't affected)
When you insert a link in adress bar and press Enter - it crashes.
When there's a link somewhere on the page, page crashes after howering on it.
Opera
When there's a link somewhere on the page, page crashes after howering on it.
IE
Error message, but no crash.
Firefox
No errors, no crash. Version is 40.0.2.
Steam
When you insert a link in adress bar and press Enter - page freezes.

Mobile versions are also affected. Also works with

[img][/img]

tags and similar (all pages of that side crashes when opened in one browser). Doesn't work on IPBoards.

Spoiler: Source

http://habrahabr.ru/post/267229/ (Russian)

 

[Asphyxia]

I wonder if it has something to do with the value 0. The %30 represents a url encoded 0 character. Perhaps it reads it as a null, which in turn would trigger a null value --- when it actually wanted a 0 value, so in summary: Basically a nullbyte DoS. The only issue, it crashes just a single tab in my browser. It would be cooler if it crashed the whole browser, still pretty damn awesome though.

Thanks for sharing man, good work.

 

[Asphyxia]

http://bit.ly/1Pfyy9z
Just give this a click, I did some magic.
You might have to wiggle your mouse a little.
It actually does seem to fuck up tabs in a weird way --- damn, lol.

Keep an eye on the processor usage, it goes a bit spastic when you click the link. I'm wondering if something more could be accomplished using this. Perhaps attempting to write something into the URL for example --- get it to run.

Someone should look into this a little more, if this is vulnerable in any way to execution --- you could literally send someone a link to a website and infect people in Chrome and I'm sure other browsers. This is definitely a problem developers probably overlooked, scary.

 

[bl4uni]

http://bit.ly/1Pfyy9z

Nothing happens, Firefox. Just
400 Bad Request
nginx

I think this is the first time firefox did better than chrome in case of programming.

 

[denka]

RIP chrome u.u

 

[Asphyxia]

RIP chrome u.u

Did it work on you using Chrome --- my link?

 

[denka]

Did it work on you using Chrome --- my link?

yup every tab of r4p3.net crashed

 

[Niepowtarzalny]

404 File not found.

That's all on newest chrome

 

[Sharc]

For a long time does not work


//close

 

[ehthe]

Closing as Sharc, the OP, requested it.