Opera 9.6x file:// overflow

2008-11-17 Thread send9
Hello all - I don't have time for a fancy advisory format, but I did want to disclose an issue. Sometime in early October (late September?), around the time Opera 9.6 was released, I noticed that you could get it to crash after supplying the file:// handler with ~16,500 characters. I played ar

Re: Opera 9.6x file:// overflow

2008-11-18 Thread jplopezy
Hi, this is a very curious vulnerability... I think I found a variant of this vulnerability, if using another protocol (e.g. https://). I am sure that it is a variant because providing other protocols (e.g. http://) does not work, nor the exceptions that are generated are equal to fail.

Re: Opera 9.6x file:// overflow

2008-11-19 Thread xiashing
It works on Opera 9.62 with Vista Business running and the crash produces: You tried to access the address file://xxx

Re: Re: Opera 9.6x file:// overflow

2008-11-18 Thread jplopezy
mmm sorry.. this doesn't work... :( Juan Pablo Lopez Yacubian

Re: Re: Re: Opera 9.6x file:// overflow

2008-11-18 Thread send9
For whatever reason, the file:// exploit isn't working on the version of Opera I have on this machine, but it worked on my XP SP2 machine back home. I can't get it to crash with https:// either. Both have Opera 9.62. Perhaps there's been a silent fix? I'm not sure; I wish Opera would reply.

Re: Re: Re: Re: Opera 9.6x file:// overflow

2008-11-19 Thread [EMAIL PROTECTED]
If I open a specially crafted HTML file - ok, the exploit is working, but if I put that file on the server and receive it from the network with my Opera, the exploit does not work! Why???

Re: Re: Re: Re: Opera 9.6x file:// overflow

2008-11-19 Thread Zack Payton
Try accessing it via https. When you access remotely, it defaults to the http uri handler.

Re: Re: Re: Re: Re: Opera 9.6x file:// overflow

2008-11-20 Thread psy . echo
Hi Peter, Apropos the file URI scheme, if you are talking about accessing a file with something like file://abcd... in a link, 'over a network', then most of the browsers (perhaps all) do not follow "file:" links on a page that is fetched with "HTTP". The purpose is "security" or to prevent a remo

Re: Re: Re: Re: Re: Opera 9.6x file:// overflow

2008-11-20 Thread theindigowolf
Does that also hold true if you use a JavaScript/Java applet to deliver the URL rather than just placing it in a text link? --Original Message-- From: [EMAIL PROTECTED] Sender: To: bugtraq@securityfocus.com Subject: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow Sent: Nov 19, 2008 5:59

Re: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow

2008-11-20 Thread send9
I don't mean to come off as a jerk here, but, most of the questions that have been asked were mentioned in the original message and in k`sOSe's code. As I've said, Opera does not allow you to invoke the file:// handler from the Internet. I am not sure about Java applets, but JavaScript is the