# Exploit Title: IE/Opera source code viewer Null Character Handling Vulnerability # Date: 10/04/2010 # Author: Daniel Correa # Software Link: http://www.microsoft.com/windows/internet-explorer/default.aspx # Software Link: http://www.opera.com/download/ # Version: Tested on IE 8, Opera 10.51 # Tested on: Windows XP; Windows 7 + default IE 8 # CVE : # Description : The vulnerability in the source code viewer in both browsers (IE & Opera) is when they are processing the null control character (0×00), including this character in the transmission message results in a misunderstanding that is reflected in the concealment of the transmitted message, only the code that is between valid tags is shown. In other words, exploiting this vulnerability we can completely hide the source code to the user of Internet Explorer and Opera browsers. # Code: The next code hide all the source code to source code viewer. Esto es un mensaje oculto This is a hide message Este es otro Thie is another one ... Como vemos podemos esconder cualquier mensaje As we can see we can hide any message