Results 1 to 4 of 4

Thread: Vulneravility: Opera TXT & HTML Mix-up

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Exclamation Vulneravility: Opera TXT & HTML Mix-up

    Opera Content-Type HTML File Execution Vulnerability


    Opera does not properly handle files based on the Content-Type specified. If HTML tags are included in the body of a file, Opera will not handle the file according to the Content-Type. For example: A file has the Content-Type text/plain and contains HTML tags in the file, Opera will execute the file as a HTML type rather than a text file.


    It is possible to create a malicious web page containing arbitrary script code. When a legitimate user browses the malicious page, the script code could be executed in the user's browser.

    Remote:Yes

    Exploit: No exploit code is required to take advantage of this issue.

    Vulnerable: Opera Software Opera Web Browser 6.0.1win32

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    Yeh, this sucks and junk. I think I heard about this, or at least something like it, on xatrix today. Thanks for the post.

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    Cool post dude
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #4
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    Reminds me of the VBS exploit in win 98 first edition....you could actually write a trojan into your victims start up folder, and when they restarted,,,Boom gottem. Trojan infection via http link. Gotta love it.
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •