Description
Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/multi/browser/opera_historysearchmsf undefined(opera_historysearch) > show actions ...actions...msf undefined(opera_historysearch) > set ACTION < action-name >msf undefined(opera_historysearch) > show options ...show and set options...msf undefined(opera_historysearch) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub