Opera Multiple Function Address Bar Spoofing

2004-07-26T00:00:00
ID OSVDB:8317
Type osvdb
Reporter bitlance winter(bitlance_3@hotmail.com)
Modified 2004-07-26T00:00:00

Description

Vulnerability Description

Opera contains a flaw that may allow a malicious user to spoof a trusted Web page. The issue is triggered when a remote attacker manipulates the Opera address bar with the window.open and location.replace functions, which load another page's contents while the address bar keeps the original URL. With a specially crafted web page, a remote attacker can spoof a trusted website to trick users into visiting a malicious Web site and possibly retrieve sensitive information, resulting in a loss of integrity.

Solution Description

Upgrade to version 7.54 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

[script]
function fake() {
  oc=window.open('http://www.opera.com/', '','location=1');
  oc.location.replace('http://www.example.com');
}
[/script]
[a href="javascript:void(0);" onClick="fake()"]http://www.opera.com/[/a]

References:

Vendor URL: http://www.opera.com/windows/changelogs/754/
Secunia Advisory ID: 12162
Other Advisory URL: http://www.securiteam.com/securitynews/5HP0T20DFE.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html
ISS X-Force ID: 16816
Bugtraq ID: 10810