Feross Aboukhadijeh, a Web developer and a Stanford computer science student, has identified a vulnerability that could be exploited to flood a computer’s hard drives with junk data in a short amount of time. Internet Explorer, Safari, Opera and Chrome are impacted by the issue.
See the flaw by yourself, by following below steps.
- Goto this site.(CAUTION: See below steps & click).
- Now the site will start downloading random cats images into your OS drive.(NOTE: The tests performed by the expert have shown that 1 GB of data can be downloaded every 16 seconds on a Macbook Pro Retina with a solid state drive)
- But no worries, just click STOP THIS MADNESS button in that site itself to get back all your storage space.
NO HARM IS DONE. SO WE ARE GOOD TO CHECK THIS FLAW :D
Watch this video, you will know what i’m talking about.
In order to demonstrate his findings, Aboukhadijeh has set up a website called FillDisk.com which fills the user’s computer with pictures of cats.
More Info about this Flaw:
Aboukhadijeh explains that the HTML5 Web Storage standard was developed to allow sites to store larger amounts of data on the visitor’s computer. However, the standard advises browser vendors to set their own limitations for the amount of storage space for each website to avoid abuse.
For instance, Chrome allows 2.5 MB per origin, Firefox and Opera allow 5 MB, and Internet Explorer allows 10 MB.
While browser vendors have implemented this limitation, they neglected another aspect recommended by the standard: “User agents should guard against sites storing data under the origins other affiliated sites, e.g. storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc, circumventing the main example.com storage limit.”
In Chrome, Safari, Opera and IE these limitations haven’t been implemented so each subdomain of a site can download the 2.5 MB, 5 MB or 10 MB allowed by the browser.
As a result, a website like FillDisk.com can have unlimited storage space on a user’s device.
The expert has reported his findings to Google, Apple, Microsoft and Opera and he hopes they’ll act on addressing this issue soon.
It turns out that Firefox is not affected because Mozilla’ implementation of localStorage “smarter.”
Liked it ?? Share it !!
you might also like,