Opera x-domain with video tutorial

This is a pretty awesome x-domain I found and reported to Opera. It should be fixed in the latest version. Opera was leaking more properties than it should on an x-domain location, but the flaw was interesting because Opera prevented access to functions like alert, so it wasn’t directly exploitable. However, by using literal values you could obtain the Object constructors, like the Array constructor, and overwrite prototypes to execute code.


iframe.contentWindow.location.constructor.prototype
  .__defineGetter__.constructor(
    '[].constructor.prototype.join=function(){alert("PWND:"+document.body.innerHTML)}'
  )();

Then, when the site executed [].join, the function would be called, resulting in x-domain access. I did a video tutorial to show how I discovered it. Enjoy!
Opera x-domain Hackvertor tutorial video
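
An added example, not code from the original post: a defensive sketch in plain JavaScript showing how a page can detect the Array.prototype.join overwrite described above and block it by freezing the intrinsic. The payload string is a constructed, harmless stand-in that returns a marker instead of calling alert, and the names NATIVE_JOIN, OVERWRITE, joinIsTampered, runUntrusted, lockArrayPrototype and demo are hypothetical.

```javascript
// Snapshot of the intrinsic, taken before any untrusted script has run.
const NATIVE_JOIN = Array.prototype.join;

// Constructed stand-in for the string in the post: the same prototype
// overwrite, but the replacement only returns a marker value.
const OVERWRITE = '[].constructor.prototype.join=function(){return "REPLACED"}';

// Detection: is the method every array inherits still the one we snapshotted?
// An identity check is used because a "[native code]" toString test can be faked.
function joinIsTampered() {
  return Array.prototype.join !== NATIVE_JOIN;
}

// Evaluate a string the way the post does, through the Function constructor.
// Code created this way is sloppy-mode, so a blocked write fails silently.
function runUntrusted(src) {
  try {
    Function(src)();
  } catch (e) {
    return e.name;
  }
  return 'ok';
}

// Mitigation: make Array.prototype non-writable and non-extensible.
function lockArrayPrototype() {
  Object.freeze(Array.prototype);
}

function demo() {
  const out = {};
  runUntrusted(OVERWRITE);                // unprotected prototype
  out.beforeTampered = joinIsTampered();
  out.beforeOutput = [1, 2].join('-');    // page code now runs the replacement
  Array.prototype.join = NATIVE_JOIN;     // restore from the snapshot
  lockArrayPrototype();
  runUntrusted(OVERWRITE);                // same write against a frozen prototype
  out.afterTampered = joinIsTampered();
  out.afterOutput = [1, 2].join('-');
  return out;
}

const report = demo();
console.log(report);
```

Freezing only protects the realm it runs in and has to happen before any untrusted script executes; it limits what a leaked constructor can be used for, while the browser fix for the leak itself remains the actual remedy.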
