browser crash !

Sharc · Sep 19, 2015

example:

Sharc.ru/%%30%30

Place your link
http://Sharc.ru/
What is the essence:
(ie at the end of the address of any site to add "%% 30% 30")
That drop occurs browser

Code:

%%30%30

ehthe · Sep 19, 2015

Did not quite understand

Supervisor · Sep 19, 2015

I guess you use a pretty outdated browser. Does not work for firefox

Sharc · Sep 19, 2015

Does not work for firefox ,

IE

Bluscream · Sep 19, 2015

Does crash my Chrome Version 47.0.2508.0 dev-m (64-bit) even when just hovering over the link

Derp · Sep 19, 2015

Not working

Tried on

Chrome 45.0.2454.93(Official Build)m(32-bit)
Mozilla Firefox 40.0.3

User_418 · Sep 19, 2015

Chrome/Chromium-based (some Linux builds aren't affected)
When you insert a link in adress bar and press Enter - it crashes.
When there's a link somewhere on the page, page crashes after howering on it.
Opera
When there's a link somewhere on the page, page crashes after howering on it.
IE
Error message, but no crash.
Firefox
No errors, no crash. Version is 40.0.2.
Steam
When you insert a link in adress bar and press Enter - page freezes.

Mobile versions are also affected. Also works with

Code:

[img][/img]

tags and similar (all pages of that side crashes when opened in one browser). Doesn't work on IPBoards.

http://habrahabr.ru/post/267229/ (Russian)

Asphyxia · Sep 20, 2015

I wonder if it has something to do with the value 0. The %30 represents a url encoded 0 character. Perhaps it reads it as a null, which in turn would trigger a null value --- when it actually wanted a 0 value, so in summary: Basically a nullbyte DoS. The only issue, it crashes just a single tab in my browser. It would be cooler if it crashed the whole browser, still pretty damn awesome though.

Thanks for sharing man, good work.

Asphyxia · Sep 20, 2015

http://bit.ly/1Pfyy9z
Just give this a click, I did some magic.

You might have to wiggle your mouse a little.
It actually does seem to fuck up tabs in a weird way --- damn, lol.

Keep an eye on the processor usage, it goes a bit spastic when you click the link. I'm wondering if something more could be accomplished using this. Perhaps attempting to write something into the URL for example --- get it to run.

Someone should look into this a little more, if this is vulnerable in any way to execution --- you could literally send someone a link to a website and infect people in Chrome and I'm sure other browsers. This is definitely a problem developers probably overlooked, scary.

bl4uni · Sep 20, 2015

Asphyxia said:
http://bit.ly/1Pfyy9z

Nothing happens, Firefox. Just
400 Bad Request
nginx

I think this is the first time firefox did better than chrome in case of programming.

denka · Sep 20, 2015

RIP chrome u.u

Asphyxia · Sep 20, 2015

skinas said:
RIP chrome u.u

Did it work on you using Chrome --- my link?

denka · Sep 20, 2015

Asphyxia said:
Did it work on you using Chrome --- my link?

yup every tab of r4p3.net crashed

Niepowtarzalny · Feb 16, 2016

404 File not found.

That's all on newest chrome

Sharc · Feb 16, 2016

For a long time does not work

//close

ehthe · Feb 16, 2016

Closing as Sharc, the OP, requested it.

browser crash !

Sharc

Member

ehthe

Supervisor

Sharc

Member

Bluscream

Derp

User_418

Asphyxia

Owner

Asphyxia

Owner

bl4uni

Active Member

denka

Asphyxia

Owner

denka

Niepowtarzalny

Member

Sharc

Member

ehthe