Crash
02-10-2004, 12:00 AM
# Sample code of
# "[Opera 7] Arbitrary File Auto-Saved Vulnerability."
#
# This Exploit will run a webserver that will create and execute a batch
# file on the victim's computer when visiting this malicious server
#
# This perl script is a small HTTP server for a check ofthe vulnerability.
# BTW, you can exploit this vulnerability without a server like this
# if your apache or etc., allow a request URL that contains '..'.
#
# Tested on :
# Opera 7.22
# Opera 7.21
# Opera 7.20
# Opera 7.1X
# Opera 7.0X
#
# with Active Perl 5.8.0 on Windows 2000 Pro SP4 JP.
# (maybe need Perl 5.6 or later)
#
# Usage :
# [0] Execute "perl this_script 10080" on a console,
# this server starts to listen in port 10080.
# [1] Opera opens "http://127.0.0.1:10080/".
# [2] Click link.
# [3] Auto-saved an arbitrary file on a root directory
# of Local Disk ...
#
# 2003/11/15
# written by nesumin <nesumin softhome net>
# "[Opera 7] Arbitrary File Auto-Saved Vulnerability."
#
# This Exploit will run a webserver that will create and execute a batch
# file on the victim's computer when visiting this malicious server
#
# This perl script is a small HTTP server for a check ofthe vulnerability.
# BTW, you can exploit this vulnerability without a server like this
# if your apache or etc., allow a request URL that contains '..'.
#
# Tested on :
# Opera 7.22
# Opera 7.21
# Opera 7.20
# Opera 7.1X
# Opera 7.0X
#
# with Active Perl 5.8.0 on Windows 2000 Pro SP4 JP.
# (maybe need Perl 5.6 or later)
#
# Usage :
# [0] Execute "perl this_script 10080" on a console,
# this server starts to listen in port 10080.
# [1] Opera opens "http://127.0.0.1:10080/".
# [2] Click link.
# [3] Auto-saved an arbitrary file on a root directory
# of Local Disk ...
#
# 2003/11/15
# written by nesumin <nesumin softhome net>