This resolution is really great for debugging, ha.

2008/10/9 大风 <[EMAIL PROTECTED]>
> > *I broke Opera* <http://www.matasano.com/log/1182/i-broke-opera/>
> >
> > Chris | October 8th, 2008 | Filed Under: Uncategorized <http://www.matasano.com/log/category/uncategorized/>
> >
> > I didn't mean to! … Ok yes I did.
> >
> > http://www.opera.com/support/search/view/901/
> >
> > I like Opera but it has not received as much 'security attention' as
> > Firefox or Internet Explorer. Opera is pretty big in the mobile browser
> > market, so this will probably be changing real soon. Web application flaws
> > and attack techniques are growing every day but the browser itself is still
> > an excellent and reliable attack vector. In this case the vulnerability is
> > based on a 'specially crafted URI' which of course can be triggered by any
> > attacker-controlled content. It is reproducible on both x86 Linux and Win XP
> > SP2 and Vista.
> >
> > This flaw was found using some rudimentary fuzzing, simple stuff really. I
> > basically whipped up a few lines of JavaScript to create different URIs
> > with incrementing string lengths (yes I'm serious). And thanks to Immunity
> > Debugger I was able to boil it down to a heap overflow in no time.
> >
> > The offending URI was 'http://BBB*BBB:[EMAIL PROTECTED]<[EMAIL PROTECTED]>'.
> > This took minimal effort to find and underscores the importance of simple
> > fuzzing test cases being built into your SDLC.
> >
> > Here is a screenshot of Immunity Debugger when Opera crashed.
> >
> > <http://www.matasano.com/log/wp-content/uploads/2008/10/immdbg.jpg>
> >
> > Don't forget to patch: Opera <http://www.opera.com>
> >
> > [Ph4nt0m] <http://www.ph4nt0m.org/>
> > [Ph4nt0m Security Team]

--
BLOG: http://www.blogjava.net/baicker

