| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: alf1num3rik at yahoo.com (Stephen) Subject: [EXPLOIT] Opera 7.22 File Creation and Execution Exploit ! Hi, Opera 7.22 File Creation and Execution Exploit (Malicious Webserver) http://www.k-otik.net/exploits/11.22.Opera7.22.pl.php ################################################## # # Sample code of # "[Opera 7] Arbitrary File Auto-Saved Vulnerability." # # This Exploit will run a webserver that will create and execute a batch # file on the victim's computer when visiting this malicious server # # This perl script is a small HTTP server for a check ofthe vulnerability. # BTW, you can exploit this vulnerability without a server like this # if your apache or etc., allow a request URL that contains '..'. # # Tested on : # Opera 7.22 # Opera 7.21 # Opera 7.20 # Opera 7.1X # Opera 7.0X # # with Active Perl 5.8.0 on Windows 2000 Pro SP4 JP. # (maybe need Perl 5.6 or later) # # Usage : # [0] Execute "perl this_script 10080" on a console, # this server starts to listen in port 10080. # [1] Opera opens "http://127.0.0.1:10080/". # [2] Click link. # [3] Auto-saved an arbitrary file on a root directory # of Local Disk ... __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/
Powered by blists - more mailing lists