I want to look at the code!

On 2008-10-09, "大风" <[EMAIL PROTECTED]> wrote:


 

I broke Opera

 

Chris | October 8th, 2008 | Filed Under: Uncategorized

I didn’t mean to! … Ok yes I did.

http://www.opera.com/support/search/view/901/

I like Opera but it has not received as much ‘security attention’ as Firefox or 
Internet Explorer. Opera is pretty big in the mobile browser market, so this 
will probably be changing real soon. Web application flaws and attack 
techniques are growing every day but the browser itself is still an excellent 
and reliable attack vector. In this case the vulnerability is based on a 
‘specially crafted URI’ which of course can be triggered by any 
attacker-controlled content. It is reproducible on both x86 Linux and Win XP SP2 and 
Vista.

This flaw was found using some rudimentary fuzzing, simple stuff really. I 
basically whipped up a few lines of JavaScript to create different URIs with 
incrementing string lengths (yes I’m serious). And thanks to Immunity Debugger 
I was able to boil it down to a heap overflow in no time.

The offending URI was ‘http://BBB*BBB:[EMAIL PROTECTED] This took minimal 
effort to find and underscores the importance of simple fuzzing test cases 
being built into your SDLC.

Here is a screenshot of Immunity Debugger when Opera crashed.

Don’t forget to patch: Opera

 

 

 

[Ph4nt0m]

[Ph4nt0m Security Team]

                  [EMAIL PROTECTED]

          Email:  [EMAIL PROTECTED]

          PingMe: 

          === V3ry G00d, V3ry Str0ng ===

          === Ultim4te H4cking ===

          === XPLOITZ ! ===

          === #_# ===

#If you brave,there is nothing you cannot achieve.#
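
The post's point about building simple length-based test cases into the SDLC, shown as an added example (not code from the original post): a Node.js regression harness that feeds URIs with boundary-length components to a parser under test. The `example.test` host, the component set, the filler sizes and `truncatingParse` are assumptions made for illustration.

```javascript
// Added example. Hosts, filler and sizes are constructed test data.
// Each builder places the filler in one URI component.
const COMPONENTS = {
  userinfo: { build: (s) => `http://${s}@example.test/`, read: (u) => u.username },
  path:     { build: (s) => `http://example.test/${s}`, read: (u) => u.pathname.slice(1) },
  query:    { build: (s) => `http://example.test/?q=${s}`, read: (u) => u.searchParams.get('q') },
  fragment: { build: (s) => `http://example.test/#${s}`, read: (u) => u.hash.slice(1) },
};

// Lengths just below, at and just above each power of two up to 2^maxPow.
function boundaryLengths(maxPow) {
  const out = new Set();
  for (let k = 0; k <= maxPow; k++) {
    for (const n of [2 ** k - 1, 2 ** k, 2 ** k + 1]) if (n > 0) out.add(n);
  }
  return [...out].sort((a, b) => a - b);
}

// Runs `parse` over every component/length pair. A parser passes a case if it
// either rejects the input with TypeError or returns the component unchanged.
function runBoundaryTests(parse, maxPow = 16) {
  const failures = [];
  for (const [name, { build, read }] of Object.entries(COMPONENTS)) {
    for (const n of boundaryLengths(maxPow)) {
      const filler = 'b'.repeat(n);
      try {
        const got = read(parse(build(filler)));
        if (got !== filler) failures.push({ name, n, why: 'component altered' });
      } catch (err) {
        if (!(err instanceof TypeError)) failures.push({ name, n, why: err.name });
      }
    }
  }
  return failures;
}

// Parser under test: the runtime's WHATWG URL implementation.
const realParse = (s) => new URL(s);
// Hypothetical defective parser that silently truncates to a fixed size.
const truncatingParse = (s) => new URL(s.slice(0, 256));

console.log('URL failures:', runBoundaryTests(realParse).length);
console.log('truncating parser failures:', runBoundaryTests(truncatingParse).slice(0, 3));
```

For a native parser, run the same case list under a memory-error detector such as AddressSanitizer, since a JavaScript harness can only observe wrong results, not memory corruption.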

 

 



