TUCoPS :: Browsers :: b06-3410.htm

TUCoPS :: Browsers :: b06-3410.htm
Opera web browser 9 denial of service
OPERA Web Browser 9 Denial OF Service OPERA Web Browser 9 Denial OF Service

ECHO_ADV_35$2006=0D
=0D
------------------------------------------------------------------------------------=0D
[ECHO_ADV_35$2006] OPERA Web Browser 9 Denial OF Service=0D
------------------------------------------------------------------------------------=0D
=0D
Author		: Ahmad Muammar W.K (a.k.a) y3dips=0D
Date Found	: July, 1th 2006=0D
Location	: Indonesia, Jakarta=0D
web		: http://echo.or.id/adv/adv35-y3dips-2006.txt=0D 
Critical Lvl	: Moderated=0D
Impact		: Browser will automatically shutdown=0D
Where		: From Remote=0D
------------------------------------------------------------------------------------=0D
=0D
Affected software description:=0D
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
Opera Web Browser=0D
=0D
Application	: Opera Web Browser=0D
version		: Opera/9.00 (X11; Linux i686; U; en)=0D
                  Opera/9.00 (Windows NT 5:1;U;en)=0D
		  Some Other version are bot vulnerable and others are not tested,=0D
			=0D
URL		: http://opera.com=0D 
Description 	:=0D
=0D
Vulnerability can be exploited by using  combining with javascript=0D
(documents stylesheet) to create an out-of-bounds memory access.=0D
=0D
------------------------------------------------------------------------------------=0D
=0D
Exploit Code:=0D
~~~~~~~~~~~~~~~~=0D
=0D
-----------------------opera9xploit.html----------------------=0D
=0D
<!-- Opera 9 DOS exploit, discovered by =0D
     Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id) =0D
<a href="http://y3d1ps.blogspot.com=0D">http://y3d1ps.blogspot.com=0D</a> 
//-->=0D
=0D
<html>=0D
<iframe src="palsu.php" name="fake"  > =0D
=0D
=0D
=0D
live exploit :=0D
=0D
http://y3dips.echo.or.id/opera9-dos/=0D 
=0D
------------------------------------------------------------------------------------=0D
=0D
Solution:=0D
~~~~~~~~=0D
=0D
Disable Java Scipt execution from Opera Web browser=0D
=0D
=0D
------------------------------------------------------------------------------------=0D
Shoutz:=0D
~~~~~~~=0D
=0D
~ my beloved ana=0D
=0D
~ the_day, K-159 (keep researching), also all echo staff=0D
~ negative , naisenodni crew=0D
~ janex vind "waraxe" @ waraxe.us =0D
~ newbie_hacker[at]yahoogroups.com=0D
~ #e-c-h-o @irc.dal.net=0D 
=0D
------------------------------------------------------------------------------------=0D
Contact:=0D
~~~~~~~~=0D
=0D
     y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id=0D
Homepage: http://y3dips.echo.or.id/=0D 
=0D
-------------------------------- [ EOF ] -------------------------------------------