Comment by devit
7 years ago
Based on a web search, https://bogdanz.me/work/diddu.html might be a working mirror of the proof of concept.
It appears to contain a 10MB long UTF-8 mess in both the og:title meta content and in a mailto: link.
I'd guess it's supposed to crash iOS apps by either posting that link if it displays links in a thumbnail element using og:title or otherwise by pasting the huge mailto link contained in the webpage, or perhaps only the e-mail address.
Hah. View-Source takes forever to load (in Vivaldi). Wget says it's a 20 MB file. Opening it in Joe in Cygwin kills the Cygwin process. Neat.
Also the href attribute inside the <link rel="apple-touch-icon"> points to an HTML URL, but that returns a 404...
That site caused Firefox 57 (64bit) to lock up on Windows 10...
It is an i7, 16 GB total (7 GB free), and an SSD.
Same for me, except on Windows 7. CPU spiked to 100% and I warmed up my hands with the extra heat :). Closing the tab and waiting a minute or so (the usual thing I do for CPU/memory-intensive pages like this) didn't work. I had to completely restart Firefox to get it back to normal.
I have Firefox 58/64bit/Linux and it slowed down Firefox on my i5 with 16GB RAM (2GB free) w/ HDD for about 1 second... it didn't lock it up because any action that I did on Firefox was slowed down by about 1 second... other programs seemed fine too.
It didn't completely lock up on W7 FF 57.
The lock-ups came in waves, but I was able to close the tab when it was unlocked.
This is arguably spam. The "link to fix iMessage if it crashes" just opens up a ton of ads with women in lingerie.
Could someone just use some sort of fuzzing software to generate these?
Just keep trying many until one hits.
You can, but the number of possible inputs is huge and fuzzing won't prove that no such input exists.
Can confirm, just crashed my friend's iPhone X. Required a hard reboot, was locked up completely.
Can confirm - am the owner of the mirror
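Added example, not part of any comment above and not code from the mirror or from any app mentioned in the thread: a link-preview metadata extractor that bounds how much untrusted HTML it parses and how long an og:title or mailto: link it will hand to the UI. The function name, the three limits and the sample inputs in the test are assumptions chosen for illustration.

```python
from html.parser import HTMLParser

# Assumed limits; tune them for the renderer that consumes the preview.
MAX_HTML_BYTES = 256 * 1024   # how much of a fetched page is parsed at all
MAX_TITLE_CHARS = 200         # longest title passed on to the UI
MAX_HREF_CHARS = 2048         # longest mailto: link considered acceptable


class PreviewParser(HTMLParser):
    """Collects the first og:title and counts oversized mailto: links."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.title = None
        self.oversized_mailto = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("property") == "og:title" and self.title is None:
            self.title = a.get("content") or ""
        elif tag == "a":
            href = a.get("href") or ""
            if href.lower().startswith("mailto:") and len(href) > MAX_HREF_CHARS:
                self.oversized_mailto += 1


def safe_preview(raw: bytes) -> dict:
    """Return bounded preview metadata for untrusted HTML bytes."""
    input_truncated = len(raw) > MAX_HTML_BYTES
    # Cut before decoding so a multi-megabyte page never reaches the parser.
    text = raw[:MAX_HTML_BYTES].decode("utf-8", errors="replace")
    parser = PreviewParser()
    parser.feed(text)
    parser.close()  # a tag cut off by the byte cap is never reported as a tag
    title = parser.title or ""
    return {
        "title": title[:MAX_TITLE_CHARS],
        "title_truncated": len(title) > MAX_TITLE_CHARS,
        "input_truncated": input_truncated,
        "oversized_mailto": parser.oversized_mailto,
    }
```

A title attribute that itself runs past the byte cap yields an empty title rather than a partial one, so the caller can fall back to showing the bare URL.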