Opera FTP View Cross-Scripting Flaw

Paul Wilders · Aug 8, 2002

Author:
Eiji James Yoshida [ptrs-ejy@bp.iij4u.or.jp]

Risk:
Medium

Vulnerable:
Windows2000 SP2 Opera 6.03
Windows2000 SP2 Opera 6.04

Overview:
Opera allows running Malicious Scripts due to a bug in 'FTP view'.
If you click on a malicious link, the script embedded in URL will run.

Details:
This problem is in 'FTP view'.
The '<title>URL</title>' is not escaped.

Exploit code:
deleted - Forum Admin

Example:
deleted - Forum Admin

Demonstration:
www.geocities.co.jp/SiliconValley/1667/advisory04e.html

Workaround:
Disable JavaScript.

Vendor status:
Opera Software ASA was notified on 30 June 2002.

-------

source: bugtraq

Log in or Sign up

Opera FTP View Cross-Scripting Flaw

Paul Wilders Administrator

Log in or Sign up

Opera FTP View Cross-Scripting Flaw

Paul Wilders Administrator

Useful Searches