Welcome to WebmasterWorld Guest from 54.162.167.40

Forum Moderators: open

Message Too Old, No Replies

Opera "phishing" vulnerability in 7.51

     
5:43 pm on Jun 28, 2004 (gmt 0)

10+ Year Member



... a remote user can create HTML that, when loaded by the target user, will set the URL in the status bar to an arbitrary URL.

The HTML includes an IFrame within a cascading style sheet definition and a zero second HTML Refresh statement containing a javascript command. The source URL of the iframe will be listed in the address bar.

This exploit can be used in "phishing" attacks.

[securitytracker.com...]

I believe this was the same thing that was happening on IE, right?

Jennifer

8:00 am on Jun 29, 2004 (gmt 0)

WebmasterWorld Senior Member blobfisk is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Nice catch Jennifer! Anything from Opera themselves on this yet?
3:40 pm on Jun 29, 2004 (gmt 0)

10+ Year Member



I was looking through their forums and haven't seen a response from one of the Opera people and a fix hasn't been issued yet. This was apparently found around June 22nd.

Jennifer

8:56 pm on Jun 30, 2004 (gmt 0)

10+ Year Member



This isn't the same as MSIE, and it's apparently rather difficult to actually exploit. To exploit it you'll have to get the victim to your site first apparently, and then use the trick. It's just a low risk vulnerability, in other words.

At least from what I can gather.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month