Opera HTTP Auth Phishing.

By secgeeks - Posted on June 12th, 2007

Tagged:

236

vote

Whoops there it goes! Another pure browser evilness, this time for all the Opera fans. Alex and I where bouncing of e-mails and then he sends me this PoC out of the blue. He told me: "Opera truncates the string for the server's hostname after the 34th character. So you can easily set up a domain like securelogin.profiles.microsoft.com.testing.bitsploit.de to phish a user's login data." And that is what he did:Visit the PoC URL below with Opera (I used 9.21) and click on the link.

Bookmark/Search this post with:

Trackback URL for this post:

http://secgeeks.com/trackback/508

Similar entries

Recent blog posts

Newly Popular

Drupalit monthly

Drupalit weekly

Drupalit daily

Drupalit hottest

Drupalit latest

Recent comments

Problem solved!!!!
30 weeks 5 days ago
New version here
33 weeks 2 days ago
thanks for sharing.
1 year 1 week ago
links
1 year 2 weeks ago
Link to preplay
1 year 2 weeks ago
so now you are on linkedin
1 year 18 weeks ago
Outlook Email search tool
1 year 34 weeks ago
nice tool..
2 years 25 weeks ago
Preplay for windows
2 years 26 weeks ago
yeah,foxit is god
2 years 28 weeks ago

Get SecGeeks Feeds in your email:

Navigation

Who's online

There are currently 0 users and 9 guests online.

BlogRoll

Hack In The Box

http://maltainfosec.org
http://sipvicious.org/blog/
astalavista.com
Fake antivirus removal instructions

Partners

www.techmantras.com
Play Free Bingo at WikiBingo.co.uk
Find the latest Scratch Cards Games
Play bingo with no commitment-bingo winner.
Rent Sell Property
Post your Classified Ads for free
add your link here..