Opera x domain with video tutorial
Published: Thu, 08 Nov 2012 11:24:19 GMT
Updated: Mon, 24 Mar 2025 20:06:50 GMT
This is a pretty awesome x-domain I found and reported to Opera. It should be fixed in the latest version. Opera was leaking more properties than it should on a x-domain location but the flaw was interesting because Opera prevented access to functions like alert etc so it wasn't directly exploitable however by using literal values you could obtain the Object constructors like the Array constructor and overwrite prototypes to execute code.
iframe.contentWindow.location.constructor.prototype .__defineGetter__.constructor('[].constructor. prototype.join=function(){alert("PWND:"+document.body.innerHTML)}')();
The when the site executed [].join the function would be called resulting in x-domain access. I did a video tutorial to show how I discovered it enjoy! Opera x-domain Hackvertor tutorial video