February 15th, 2002 11:37 PM
Vulneravility: Opera TXT & HTML Mix-up
Opera Content-Type HTML File Execution Vulnerability
Opera does not properly handle files based on the Content-Type specified. If HTML tags are included in the body of a file, Opera will not handle the file according to the Content-Type. For example: A file has the Content-Type text/plain and contains HTML tags in the file, Opera will execute the file as a HTML type rather than a text file.
It is possible to create a malicious web page containing arbitrary script code. When a legitimate user browses the malicious page, the script code could be executed in the user's browser.
Exploit: No exploit code is required to take advantage of this issue.
Vulnerable: Opera Software Opera Web Browser 6.0.1win32
February 15th, 2002 11:55 PM
Yeh, this sucks and junk. I think I heard about this, or at least something like it, on xatrix today. Thanks for the post.
February 16th, 2002 08:04 PM
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio
the best station for C64 Remixes !
February 16th, 2002 08:17 PM
Reminds me of the VBS exploit in win 98 first edition....you could actually write a trojan into your victims start up folder, and when they restarted,,,Boom gottem. Trojan infection via http link. Gotta love it.
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2