lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <BAY1-F239y5lYG1oVX100058803@hotmail.com>
From: bitlance_3 at hotmail.com (bitlance winter)
Subject: Opera7.53 show you wrong URL adsress (NOT security issue,Sorry but unbelievable)

============
References:
http://secunia.com/advisories/12028/

Quoted:
Solution:
This vulnerability has been eliminated in version 7.53.
http://www.opera.com/download/
============

How to eliminate ?
Opera developer give it away showing you reet URL!
Unbelievable.

Let us checkout this HTML and look at address bar.

[html]
[head]
[script]
location.replace('http://www.google.com/');
[/script]
[/head]
[body]
[h1]title[/h1]
[/body]
[/html]

Or checkout,

[html]
[head]
[/head]
[body onload="location.replace('http://www.google.com/');"]
[h1]Onload?[/h1]
[/body]
[/html]

NOTE: It is not security issue.
It is a simple bug or the best manual workaround.

Best Regards.

--
bitlance winter

_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ