Skip to content
Simple HTML page that i realized to test the CSS webkit filter DoS attack created by pwnsdx
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
img
Original_Version.html
README.md
humans.txt
index.html

README.md

safari-ie-reaper.github.io

https://jonnybanana.github.io/safari-ie-reaper.github.io/

I've created this simple HTML page to test the CSS webkit filter DoS attack created by pwnsdx

Original Git here: https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea"

Original Tweet here: tweet/pwnsdx

The page would be this:

Alt text

The Exploit it works on Safari and IE (and i think Edge) on Windows, Safari (Mac iPhone, iPad etc.),
and some user he says it also works on Ubuntu, but I do not know what browser it is...
Don't works on Chrome, Opera and Mozilla (I wonder why it does not surprise me ....).

In practice with this technique you can crash the browser,
regardless of whether it is on PC, smartphone, etc.
On iPhone and Mac (and Ubuntu maybe) can also restart the the machine.

The original version used a background encoded image in base64,
i have instead used a normal url to make the code easier to study.


Alt text


Test at your risk here: https://jonnybanana.github.io/safari-ie-reaper.github.io/

Alt text

Here instead i have put on the site the original version make by pwnsdx:
https://jonnybanana.github.io/safari-ie-reaper.github.io/Original_Version


I also made a short video showing the bug, just click on the image below:

Safari-IE-Reaper

You can’t perform that action at this time.