There’s a lot of different ways to DoS a browser, and I’ve just found one more, simply by accident. Because the mhtml library deals with a number of redirects and because many sites use redirection I intended to see I could follow those redirects to a depth greater than one to uncover session variables in the URL string (one of my clients does this, so I was attempting to see if I could grab it). Unfortunately I DoSed myself.

Click here with Internet Explorer 7.0 with JavaScript enabled. It will cause your browser to hang using an MHTML redirect followed by two more redirects. It also has strange effects on other applications (including Thunderbird - not sure why). You can still easily kill the browser, but until that point it becomes unusable.

I also was unable to reproduce under 6.0 (probably because the XMLHTTPRequest method I’m using doesn’t work with 6.0 but I haven’t validated that the technique wouldn’t work in both). I’m not sure how else this may be useful, but DoSing an application is never good.

This entry was posted on Sunday, February 4th, 2007 at 4:04 pm and is filed under Webappsec. You can leave a response as well.