Latest News

Puffin Web Browser Pop Up Recursion Vulnerability - DOS

During my recent security research on "Puffin Web Browser" I found several security bugs with "Puffin Web Browser" ranging from low to high risk issues. My recent post "Puffin Web Browser Address Bar Spoofing" already talked about a high risk vulnerability inside Puffin Web browser. 

However, today I would like to discuss about a low/medium risk issue known as "Pop Up Recursion" vulnerability resulting in a Denial Of Service. This is a known issue and in past has been already addressed in browsers such as Google Chrome, however Puffin Web Browser is still affected by the issue.  

Vulnerability

The vulnerability occurred due to mishandling of location.reload function, as it keeps reloading the document, however the issue more likely is present inside of not limiting the pop ups or simply offering no way to ignore further prompts.

Expected Result


Puffin Web Browser should have opened a new window with single alert box.

What actually happened? 


Puffin Web Browser recursively opens up new window on pressing the ok button and there is no way to prevent the page from creating additional pop ups just like Chrome, IE etc. 

Puffin Web Browser



On pressing the "OK" button, it would reload the copy a current document in a new tab, on pressing "OK" on the second window, it would reload another copy of the current document in a new tab, this would keep growing until the browser finally crashes. 

Chrome


In "Chrome" for android, this effect is limited by offering a checkbox to prevent the current document from creating additional dialogs.

POC

The following is the simple proof of concept:
<html>
<title>Puffin Web Browser Pop Up Recursion DOS</title>
<body>
<script>
window = window.open(location.reload('http://rafayhackingarticles.net'));
window.alert(window)
</script>
</body>
</html>

Fix

Puffin Web Browser team has acknowledged the issue and have promised to fix them in next versions.




No comments:

Post a Comment

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com , ,manoj960000@gmial.com.
skype: greeenchip

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code