Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Opera, Feed List, local file access
Posted by: Ivan
Date: July 14, 2008 05:13AM

Hello everyone, I find some interesting things about Opera and want to share ...

First about target:

Opera 9.51, Build: 10081, Platform: Win32 SP2

Vendor contacted 7.7.08, with no reply.

Vulnerabilities:

1. Local file access

Description:

We can point to local xml feed from ours web page and open it (when user click on Feed List icon). Using some technic with counting focus lose we can find if file exists or not.
If file exists user will have two (a) focus lose and if not he will have only one (b).

a. We have confirmation dialog ("New Subscription") and than we have new
window with feed list (rss viewer).

b. We have only confirmation dialog.

Advisory: http://security-net.biz/wsw/index.php?p=253&n=190
Playground: http://security-net.biz/files/rss-vuln/opera1.php


2. Something like address bar spoof :)

Description:

Using special created web page we can open (when user click on Feed List icon) new page but keep address bar the same.
I don't have idea how to take advantage from this ...

Advisory: http://security-net.biz/wsw/index.php?p=252&n=190
Playground: http://security-net.biz/files/rss-vuln/opera2.php


That`s it, please comment.

Ivan

http://www.security-net.biz/



Edited 2 time(s). Last edit at 07/16/2008 01:21PM by Ivan.

Options: ReplyQuote


Sorry, only registered users may post in this forum.