Andr0m3da
Power Member
SecuriTeam has reported -at
http://www.securiteam.com/windowsntfocus/5YP0O2075S.html- that versions 6.01
and 6.02 of the Opera browser are affected by a vulnerability that could
allow an intruder to read files on the hard disk of an affected system.
As with all browsers today, Opera supports the <_ input type="file" _> (tem os _ para não aparecer o elemento) element,
which is a standard method for uploading files to servers. As this is a very
security-sensitive element, most web browsers do not allow its "value"
attribute to be previously set (read only). If it was possible to assign an
arbitrary string to the "value" attribute, an attacking server could fetch
any local file by simply submitting a form (through scripting or social
engineering, if scripting has been disabled).
Opera's approach to the file element is a little different. The "value"
attribute can be set, but before the form it resides in is submitted, a
dialog comes up with the following warning: "The files listed below have
been selected, without your intervention, to be sent to another computer. Do
you want to send these files?". However, in versions 6.01 and 6.02 of Opera
it is possible to by pass the confirmation dialog box, and so an attacker
could obtain the files they wanted from the user without their knowledge.
http://www.securiteam.com/windowsntfocus/5YP0O2075S.html- that versions 6.01
and 6.02 of the Opera browser are affected by a vulnerability that could
allow an intruder to read files on the hard disk of an affected system.
As with all browsers today, Opera supports the <_ input type="file" _> (tem os _ para não aparecer o elemento) element,
which is a standard method for uploading files to servers. As this is a very
security-sensitive element, most web browsers do not allow its "value"
attribute to be previously set (read only). If it was possible to assign an
arbitrary string to the "value" attribute, an attacking server could fetch
any local file by simply submitting a form (through scripting or social
engineering, if scripting has been disabled).
Opera's approach to the file element is a little different. The "value"
attribute can be set, but before the form it resides in is submitted, a
dialog comes up with the following warning: "The files listed below have
been selected, without your intervention, to be sent to another computer. Do
you want to send these files?". However, in versions 6.01 and 6.02 of Opera
it is possible to by pass the confirmation dialog box, and so an attacker
could obtain the files they wanted from the user without their knowledge.
