[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040603125213.B1E0E10647A@nils.bezeqint.net>
Date: Thu, 3 Jun 2004 15:53:59 +0200
From: GreyMagic Software <security@...ymagic.com>
To: <bugtraq@...urityfocus.com>
Subject: Phishing for Opera (GM#007-OP)
GreyMagic Security Advisory GM#007-OP
=====================================
By GreyMagic Software, 03 Jun 2004.
Available in HTML format at
http://security.greymagic.com/security/advisories/gm007-op/.
Topic: Phishing for Opera.
Discovery date: 16 May 2004.
Affected applications:
======================
Opera 7.50 and prior.
Introduction:
=============
Most browsers today implement a "Shortcut Icon" (favicon) feature. This
feature gives web-sites the option to add a small icon to the address bar
and/or favorites.
Opera also implements this feature. However, unlike other browsers, Opera
allows the use of icons that may be large in width.
Discussion:
===========
It is possible to use this feature in Opera to fool users into believing
that they are in a domain they trust (their bank, web-mail, etc) while
serving and receiving content in a hostile domain. Thereby enabling identity
theft, credit card scams and more.
This can be done by creating an icon that contains the text of the desired
site, which would be similar in appearance to the way Opera shows addresses
in the address bar.
This alone, however, is not enough, as it will cause the real address to
appear to the right of the fake address. Unfortunately, this too can be
circumvented by tricking Opera into showing the right-hand side of the
attacking URL, while filling that side with spaces.
The result is a very convincing fake address appearing in the address bar.
Exploit:
========
Create an image that looks like an address in Opera's address bar and use
the following element to include it in a page:
<link rel="shortcut icon" href="linkToFakeAddress.gif">
Demonstration:
==============
A proof-of-concept demonstration of this issue is available at
http://security.greymagic.com/security/advisories/gm007-op/.
Solution:
=========
GreyMagic informed Opera of the vulnerability on 19-May-2004. A new version
(7.51) was released on 03-Jun-2004 to address this problem.
Tested on:
==========
Opera 7.23.
Opera 7.50.
Disclaimer:
===========
The information in this advisory and any of its demonstrations is provided
"as is" without warranty of any kind.
GreyMagic Software is not liable for any direct or indirect damages caused
as a result of using the information or demonstrations provided in any part
of this advisory.
- Copyright � 2004 GreyMagic Software.
Powered by blists - more mailing lists