Many times a website needs to leave a little data i.e 5-10KB on your computer like a cookie, but HTML5 allow sites to store larger amounts of data (like 5-10 MB). In a proof-of-concept he was able to full up 1 GB of HDD space every 16 seconds.
He created FillDisk.com in order to demonstrate the exploit in HTML5. Once user will visit the website the Web Storage standard allows website to place large amounts of data on your drive. Please note that, It's not a hack and this exploit won't allow attackers to access your computer.
However, Web browsers have the ability to limit just how much space websites can dump onto your hard drive. Firefox's implementation of HTML5 local storage is not vulnerable to this exploit. Whereas Chrome, Safari (iOS and desktop), and IE vulnerable to this.
You can find the source code here. Feross already logged the bug for Chrome and Safari, so the problem there should be fixed soon.
Author Info
Wang Wei has been a security consultant for the government, financial securities, banks. Working as Researcher with The Hacker News. He is also a renowned speaker on the subject of 'Exploit Writing'. He is Malware analyst, Freelancer Penetration Tester, Cloud Computing, Mobile application & Software Developer. Follow him @ Twitter | Google | Email
