Title:
~~~~~~~~~~~~~~~~~
Opera FTP View Cross-Site Scripting Vulnerability

Date:
~~~~~~~~~~~~~~~~~
4 August 2002

Author:
~~~~~~~~~~~~~~~~~
Eiji James Yoshida [ptrs-ejy@bp.iij4u.or.jp]

Risk:
~~~~~~~~~~~~~~~~~
Medium

Vulnerable:
~~~~~~~~~~~~~~~~~
Windows 2000 SP2 Opera 6.03
Windows 2000 SP2 Opera 6.04

Overview:
~~~~~~~~~~~~~~~~~
Opera allows malicious scripts to run due to a bug in its 'FTP view' feature.
If you click on a malicious link, the script embedded in the URL will run.

Details:
~~~~~~~~~~~~~~~~~
This problem is in the 'FTP view' feature. The 'URL' is not escaped.

Exploit code:
~~~~~~~~~~~~~~~~~
Example:

Demonstration:
~~~~~~~~~~~~~~~~~
http://www.geocities.co.jp/SiliconValley/1667/advisory04e.html

Workaround:
~~~~~~~~~~~~~~~~~
Disable JavaScript.

Vendor status:
~~~~~~~~~~~~~~~~~
Opera Software ASA was notified on 30 June 2002.

-------------------------------------------------------------
Eiji "James" Yoshida
penetration technique research site
E-mail: zaddik@geocities.co.jp
URL: http://www.geocities.co.jp/SiliconValley/1667/index.htm
-------------------------------------------------------------
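
The flaw class named under "Details", shown as an added example that is not part of the original advisory and is not Opera's code: a hypothetical FTP listing renderer that pastes the decoded URL into its generated page, next to a version that escapes it. All function names, the sample URL and the file names are constructed for illustration.

```javascript
// Added example: hypothetical FTP directory-listing renderer (not Opera's code).
// The sample URL and file names at the bottom are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Human-readable "host/path" for the page title, percent-decoded for display.
function displayPath(ftpUrl) {
  const u = new URL(ftpUrl);
  if (u.protocol !== 'ftp:') throw new TypeError('expected an ftp: URL');
  try {
    return u.host + decodeURIComponent(u.pathname);
  } catch (e) {
    return u.host + u.pathname; // malformed %-sequence: show it undecoded
  }
}

// "Before": the decoded URL goes into the markup as-is, so any tags
// carried in the link become part of the generated listing page.
function renderListingUnsafe(ftpUrl) {
  const where = displayPath(ftpUrl);
  return `<title>Index of ${where}</title><h1>Index of ${where}</h1>`;
}

// "After": URL text and server-supplied names are escaped for HTML;
// link targets are percent-encoded first, then escaped for the attribute.
function renderListingSafe(ftpUrl, names) {
  const where = escapeHtml(displayPath(ftpUrl));
  const rows = names.map((n) =>
    `<li><a href="${escapeHtml(encodeURIComponent(n))}">${escapeHtml(n)}</a></li>`);
  return `<title>Index of ${where}</title><h1>Index of ${where}</h1>` +
         `<ul>${rows.join('')}</ul>`;
}

// Constructed inputs: a path segment carrying harmless <i> markup,
// and a file name containing quote and angle-bracket characters.
const SAMPLE_URL = 'ftp://ftp.example.test/pub/%3Ci%3Edir%3C%2Fi%3E/';
const SAMPLE_NAMES = ['readme.txt', 'a"b<c>.txt'];

console.log(renderListingUnsafe(SAMPLE_URL));
console.log(renderListingSafe(SAMPLE_URL, SAMPLE_NAMES));
```

File names returned by the FTP server are as untrusted as the URL, which is why the hardened renderer escapes both.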