Full Disclosure mailing list archives
Opera7.53 show you wrong URL adsress (NOT security issue,Sorry but unbelievable)
From: "bitlance winter" <bitlance_3 () hotmail com>
Date: Tue, 20 Jul 2004 16:07:50 +0000
============ References: http://secunia.com/advisories/12028/ Quoted: Solution: This vulnerability has been eliminated in version 7.53. http://www.opera.com/download/ ============ How to eliminate ? Opera developer give it away showing you reet URL! Unbelievable. Let us checkout this HTML and look at address bar. [html] [head] [script] location.replace('http://www.google.com/'); [/script] [/head] [body] [h1]title[/h1] [/body] [/html] Or checkout, [html] [head] [/head] [body onload="location.replace('http://www.google.com/');"] [h1]Onload?[/h1] [/body] [/html] NOTE: It is not security issue. It is a simple bug or the best manual workaround. Best Regards. -- bitlance winter _________________________________________________________________Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Opera7.53 show you wrong URL adsress (NOT security issue,Sorry but unbelievable) bitlance winter (Jul 20)