Opera FTP View Cross-Scripting Flaw

Discussion in 'other security issues & news' started by Paul Wilders, Aug 8, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Author:
    Eiji James Yoshida [ptrs-ejy@bp.iij4u.or.jp]

    Risk:
    Medium

    Vulnerable:
    Windows2000 SP2 Opera 6.03
    Windows2000 SP2 Opera 6.04


    Overview:
    Opera allows running Malicious Scripts due to a bug in 'FTP view'.
    If you click on a malicious link, the script embedded in URL will run.

    Details:
    This problem is in 'FTP view'.
    The '<title>URL</title>' is not escaped.

    Exploit code:
    deleted - Forum Admin

    Example:
    deleted - Forum Admin

    Demonstration:
    www.geocities.co.jp/SiliconValley/1667/advisory04e.html

    Workaround:
    Disable JavaScript.

    Vendor status:
    Opera Software ASA was notified on 30 June 2002.

    -------

    source: bugtraq
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.