-
February 16th, 2002, 12:37 AM
#1
Vulneravility: Opera TXT & HTML Mix-up
Opera Content-Type HTML File Execution Vulnerability
Opera does not properly handle files based on the Content-Type specified. If HTML tags are included in the body of a file, Opera will not handle the file according to the Content-Type. For example: A file has the Content-Type text/plain and contains HTML tags in the file, Opera will execute the file as a HTML type rather than a text file.
It is possible to create a malicious web page containing arbitrary script code. When a legitimate user browses the malicious page, the script code could be executed in the user's browser.
Remote:Yes
Exploit: No exploit code is required to take advantage of this issue.
Vulnerable: Opera Software Opera Web Browser 6.0.1win32
-
February 16th, 2002, 12:55 AM
#2
Yeh, this sucks and junk. I think I heard about this, or at least something like it, on xatrix today. Thanks for the post.
-
February 16th, 2002, 09:04 PM
#3
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
February 16th, 2002, 09:17 PM
#4
Reminds me of the VBS exploit in win 98 first edition....you could actually write a trojan into your victims start up folder, and when they restarted,,,Boom gottem. Trojan infection via http link. Gotta love it.
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|