lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20081120195007.25110.qmail@securityfocus.com>
Date: 20 Nov 2008 19:50:07 -0000
From: send9@...seclabs.com
To: bugtraq@...urityfocus.com
Subject: Re: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow

I don't mean to come off as a jerk here, but, most of the questions that have been asked were mentioned in the original message and in k`sOSe's code.

As I've said, Opera does not allow you to invoke the file:// handler from the Internet. I am not sure about Java applets, but JavaScript is the method used in the exploit code. We tried window.open() and window.location but neither allow it work. If you can get it to work, please let us know!

As far people that said "it worked" when a new tab opens with an error -- no, it did not work. It "works" when it the browser crashes, or ideally, calc.exe opens. I feel like Opera silently fixed this, but I don't have the time to figure it out right now.

Please, take the time to read the original message a little closer and review the PoC. I realize that it doesn't answer all questions, but it will answer a lot that have been asked here! :)

send9

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ