[NEWS] Opera Address Bar Spoofing Issue Revisited
From: SecuriTeam (support_at_securiteam.com)
Date: 07/27/04
- Previous message: SecuriTeam: "[NEWS] Mac OS X Panther Internet Connect Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 27 Jul 2004 20:22:48 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Opera Address Bar Spoofing Issue Revisited
------------------------------------------------------------------------
SUMMARY
<http://www.opera.com/> Opera is "a cross-platform web browser". Yet
another method allows an attacker to spoof the address bad in Opera
thereby fooling a victim into a malicious page.
DETAILS
Vulnerable Systems:
* Opera browser version 7.53 build 3850
A sample script code as the following placed in an HTML page can be used
The effects of attacks such as this is that an attacker that has
ADDITIONAL INFORMATION
The information has been provided by <mailto:bitlance_3@hotmail.com>
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
====================
DISCLAIMER:
to spoof the address bar in Opera's latest version:
<scr!pt>
function fake() {
oc=window.open('http://www.opera.com/', '','location=1');
oc.location.replace('http://www.example.com');
}
</scr!pt>
<[a href="javascript:void(0);" onClick="fake()">http://www.opera.com/>
constructed a malicious HTML page containing code similar to the one
listed above will be able to fool a user into thinking he/she are watching
a legitimate page, which actually watching a crafted site by the attacker,
designed to retrieve important information such as passwords. A
sample-crafted site might be a username and password prompt for a known
service. Most users will believe the address bar and would benignly enter
their login information once more, to the delight of the attacker who
crafted the page.
bitlance winter.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
Relevant Pages
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Multiple vulnerabilities have been discovered in phpSysInfo allowing ... the attacker to additionally inject the $lng parameter. ... $sensor_program can *still* be used to inject active ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... directory traversal attack and thus gain access to arbitrary files located ... on the CProxy Server system. ... filtering allows a remote attacker to gain attack to arbitrary files on ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A bug in KDE can be used by an attacker to create or truncate arbitrary ... The KDE URI handler does not perform adequate filtering ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A buffer overflow vulnerability has been discovered in PicoWebServer, ... exploiting this vulnerability allows a remote attacker to run arbitrary ... an attacker can trigger a stack overflow and cause the ...
(Securiteam)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Server Client and facilitates access to Citrix published applications. ... an attacker must determine the length of the ...
(Securiteam)
