lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: alf1num3rik at yahoo.com (Stephen)
Subject: [EXPLOIT] Opera 7.22 File Creation and Execution Exploit !

Hi,

Opera 7.22 File Creation and Execution Exploit
(Malicious Webserver)

http://www.k-otik.net/exploits/11.22.Opera7.22.pl.php

##################################################
#
# Sample code of
#   "[Opera 7] Arbitrary File Auto-Saved
Vulnerability."
#   
#   This Exploit will run a webserver that will create
and execute a batch 
#   file on the victim's computer when visiting this
malicious server
#
#   This perl script is a small HTTP server for a
check ofthe vulnerability.
#   BTW, you can exploit this vulnerability without a
server like this 
#   if your apache or etc., allow a request URL that
contains '..'.
#
# Tested on :
#   Opera 7.22
#   Opera 7.21
#   Opera 7.20
#   Opera 7.1X
#   Opera 7.0X
#
#   with Active Perl 5.8.0 on Windows 2000 Pro SP4 JP.
#   (maybe need Perl 5.6 or later)
#
# Usage :
#  [0] Execute "perl this_script 10080" on a console,
#      this server starts to listen in port 10080.
#  [1] Opera opens "http://127.0.0.1:10080/".
#  [2] Click link.
#  [3] Auto-saved an arbitrary file on a root
directory
#      of Local Disk ...



__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/


Powered by blists - more mailing lists