[NEWS] Opera Address Bar Spoofing Issue Revisited

From: SecuriTeam (support_at_securiteam.com)
Date: 07/27/04

  • Next message: SecuriTeam: "[UNIX] Artmedic Kleinanzeigen Allows PHP Code Inclusion ( index.php )" 
    To: list@securiteam.com
Date: 27 Jul 2004 20:22:48 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Opera Address Bar Spoofing Issue Revisited
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.opera.com/> Opera is "a cross-platform web browser". Yet
    another method allows an attacker to spoof the address bad in Opera
    thereby fooling a victim into a malicious page.

    DETAILS

    Vulnerable Systems:
     * Opera browser version 7.53 build 3850

    A sample script code as the following placed in an HTML page can be used
    to spoof the address bar in Opera's latest version:
    <scr!pt>
    function fake() {
      oc=window.open('http://www.opera.com/', '','location=1');
      oc.location.replace('http://www.example.com');
    }
    </scr!pt>
    <[a href="javascript:void(0);" onClick="fake()">http://www.opera.com/>

    The effects of attacks such as this is that an attacker that has
    constructed a malicious HTML page containing code similar to the one
    listed above will be able to fool a user into thinking he/she are watching
    a legitimate page, which actually watching a crafted site by the attacker,
    designed to retrieve important information such as passwords. A
    sample-crafted site might be a username and password prompt for a known
    service. Most users will believe the address bar and would benignly enter
    their login information once more, to the delight of the attacker who
    crafted the page.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:bitlance_3@hotmail.com>
    bitlance winter.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[UNIX] Artmedic Kleinanzeigen Allows PHP Code Inclusion ( index.php )"

    Relevant Pages