Hijacking Opera’s Native Page using malicious RSS payloads

In this exploit, an attacker uses a maliciously crafted RSS payload to achieve full control over the Victim’s Opera Browser. The attack works by convincing a user to visit a RSS feed link. When the user opens the url in Opera, there are two things that take place. The first one being Javascript in various RSS feed entries gets executed in the context of the calling site. This part was discussed in the previous post and can be used to execute XSS in the context of that site. The second thing that occurs is the untrusted rss feed content lands up in the Opera’s Feed Subscription Page (also the reason for this post). Since this is a native page, it runs in a higher privileged zone than the internet zone (something similar to chrome:// in Firefox and Chrome).

Source

This entry was posted on Thursday, October 29th, 2009 at 1:12 pmand is filed under Browsers, Exploits, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

uncompiled.com

Hijacking Opera’s Native Page using malicious RSS payloads

Leave a Reply

Categories

Archives

New Files

Comics

Conferences

Exploits

Friends

Music

Organizations

Podcasts

Programming

Technology