Opera 7.52 (Build 3834) Address Bar Spoofing Issue

[tdinc]

A vulnerability is found in the Opera browser version 7.52 , which
potentially
can be exploited by malicious people to conduct phishing attacks against a
user.

The issue may be caused due to a race condition and will sometimes
make it possible to display spoofed information in the address bar
via a specially crafted HTML document.


Tested on WindowsXP SP1.

Demonstration HTML source code:

EDIT: REMOVED CODE for security reasons

for more info on this visit insecure.org

 

[Lee]

Nice shout, did you find this out yourself? If not mail Opera and tell em.

You could be in-line for some presents!

 

[Geffy]

hrmm not sure about this thread with actually posting the code that could be used

 

[tdinc]

This bug has been reported to opera, but no response as of yet.

the code is not shown in full, this was reported by the SANS storm team
at the time of post., As a Registered GCIA and code tester for SANS I have been given authority to report situations that pose as a threat to information systems. If this code crosses the boundry of OSNN.net regulations and rules I will be glad to remove a portion of the post



edit: this code was discovered by a fellow SANS storm code breaker