Paul Wilders
August 8th, 2002, 04:33 AM
Author:
Eiji James Yoshida [ptrs-ejy@bp.iij4u.or.jp]
Risk:
Medium
Vulnerable:
Windows2000 SP2 Opera 6.03
Windows2000 SP2 Opera 6.04
Overview:
Opera allows running Malicious Scripts due to a bug in 'FTP view'.
If you click on a malicious link, the script embedded in URL will run.
Details:
This problem is in 'FTP view'.
The '<title>URL</title>' is not escaped.
Exploit code:
deleted - Forum Admin
Example:
deleted - Forum Admin
Demonstration:
www.geocities.co.jp/SiliconValley/1667/advisory04e.html (http://www.geocities.co.jp/SiliconValley/1667/advisory04e.html)
Workaround:
Disable JavaScript.
Vendor status:
Opera Software ASA was notified on 30 June 2002.
-------
source: bugtraq
Eiji James Yoshida [ptrs-ejy@bp.iij4u.or.jp]
Risk:
Medium
Vulnerable:
Windows2000 SP2 Opera 6.03
Windows2000 SP2 Opera 6.04
Overview:
Opera allows running Malicious Scripts due to a bug in 'FTP view'.
If you click on a malicious link, the script embedded in URL will run.
Details:
This problem is in 'FTP view'.
The '<title>URL</title>' is not escaped.
Exploit code:
deleted - Forum Admin
Example:
deleted - Forum Admin
Demonstration:
www.geocities.co.jp/SiliconValley/1667/advisory04e.html (http://www.geocities.co.jp/SiliconValley/1667/advisory04e.html)
Workaround:
Disable JavaScript.
Vendor status:
Opera Software ASA was notified on 30 June 2002.
-------
source: bugtraq