• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Opera 7.52 (Build 3834) Address Bar Spoofing Issue

tdinc

█▄█ ▀█▄ █
Political User
#1
A vulnerability is found in the Opera browser version 7.52 , which
potentially
can be exploited by malicious people to conduct phishing attacks against a
user.

The issue may be caused due to a race condition and will sometimes
make it possible to display spoofed information in the address bar
via a specially crafted HTML document.


Tested on WindowsXP SP1.

Demonstration HTML source code:

EDIT: REMOVED CODE for security reasons

for more info on this visit insecure.org
 
L

Lee

Guest
#2
Nice shout, did you find this out yourself? If not mail Opera and tell em.

You could be in-line for some presents!
 

tdinc

█▄█ ▀█▄ █
Political User
#4
This bug has been reported to opera, but no response as of yet.

the code is not shown in full, this was reported by the SANS storm team
at the time of post., As a Registered GCIA and code tester for SANS I have been given authority to report situations that pose as a threat to information systems. If this code crosses the boundry of OSNN.net regulations and rules I will be glad to remove a portion of the post
:)


edit: this code was discovered by a fellow SANS storm code breaker
 

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,960
Messages
673,237
Members
89,011
Latest member
grovo_test