Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Opera Skinned and Opera Directory Traversal (Exploit)

Nov 19, 2003 4:30PM PST

Summary
While installing Opera, if the "USE SEPARATE SETTINGS FOR EACH USER" option is selected, the "opera7/profile" folder is stored in the "<username>/application data/opera7" location instead of in the Opera root folder. The "profile" folder contains user specific data for different Opera users. Therefore, each user has a different "profile" folder in his "<username>/application data/opera7" folder.
Folders of interest to us in which configuration files are automatically downloaded and stored (like skin, toolbar, mouse, etc.) are subfolders of the "profile" folder and hence are also moved to this location.
In this scenario, the arbitrary files can still be dropped in the respective folders. However, for executing the files, the <username> variable must be known. Other methods of exploiting this scenario may come up later.

Details
Vulnerable systems:
* Opera version 7.21 and prior

Immune systems:
* Opera version 7.22

http://www.securiteam.com/exploits/6W00J2K8UI.html
Also - http://www.securiteam.com/windowsntfocus/6U00H2K8UY.html

Discussion is locked