Hi, Opera 7.22 File Creation and Execution Exploit (Malicious Webserver)
http://www.k-otik.net/exploits/11.22.Opera7.22.pl.php ################################################## # # Sample code of # "[Opera 7] Arbitrary File Auto-Saved Vulnerability." # # This Exploit will run a webserver that will create and execute a batch # file on the victim's computer when visiting this malicious server # # This perl script is a small HTTP server for a check ofthe vulnerability. # BTW, you can exploit this vulnerability without a server like this # if your apache or etc., allow a request URL that contains '..'. # # Tested on : # Opera 7.22 # Opera 7.21 # Opera 7.20 # Opera 7.1X # Opera 7.0X # # with Active Perl 5.8.0 on Windows 2000 Pro SP4 JP. # (maybe need Perl 5.6 or later) # # Usage : # [0] Execute "perl this_script 10080" on a console, # this server starts to listen in port 10080. # [1] Opera opens "http://127.0.0.1:10080/";. # [2] Click link. # [3] Auto-saved an arbitrary file on a root directory # of Local Disk ... __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
