Severity
Moderately severe
Problem description
Input names can contain line breaks when data is sent using POST. Suitable use of the random number generator can reveal predictable boundaries that will be used when sending the POST data. These can be combined to add extra boundaries into the data, containing payloads that may confuse the receiving server or be used for XSRF.
Suitable monitoring of the change in the state of the random number generator before and after loading other pages might reveal which scripts have been executed, and thus the user’s login status.
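The first issue above needs two things at once: raw line breaks in a field name and a boundary that can be guessed in advance. As an added example (not Opera's code and not a description of the 9.64 fix), this Python multipart/form-data encoder removes both by escaping field names the way the HTML Standard specifies and by drawing the boundary from the operating system's CSPRNG. The function names, the boundary prefix and the sample fields are constructed for illustration.

```python
import secrets

def escape_name(name):
    # A raw CR, LF or double quote in a field name would end the header line
    # or the quoted string, so encode them (the HTML Standard's escaping).
    return name.replace("\r", "%0D").replace("\n", "%0A").replace('"', "%22")

def new_boundary():
    # 128 bits from the OS CSPRNG: independent of any generator that page
    # script can sample, so earlier outputs say nothing about this value.
    return "----FormBoundary" + secrets.token_hex(16)

def encode_multipart(fields, boundary=None):
    """Encode (name, value) pairs; return (boundary, body)."""
    fixed = boundary is not None
    while True:
        b = boundary if fixed else new_boundary()
        if not any(b in value for _, value in fields):
            break  # the boundary does not occur inside any value
        if fixed:
            raise ValueError("boundary occurs inside a field value")
    lines = []
    for name, value in fields:
        lines += ["--" + b,
                  'Content-Disposition: form-data; name="%s"' % escape_name(name),
                  "", value]
    lines.append("--" + b + "--")
    return b, "\r\n".join(lines) + "\r\n"

def count_parts(body, boundary):
    # Number of lines a receiving parser would treat as a part delimiter.
    return body.split("\r\n").count("--" + boundary)

# Constructed sample: a field name carrying line breaks and a delimiter line,
# encoded with a boundary assumed to have been guessed in advance.
GUESSED = "----FormBoundaryGUESSED"
SAMPLE = [("comment\r\n--" + GUESSED + "\r\nContent-Disposition: form-data; "
           'name="extra', "hello"), ("token", "abc")]

if __name__ == "__main__":
    b, body = encode_multipart(SAMPLE, boundary=GUESSED)
    print(body)
    print("parts seen by the receiver:", count_parts(body, b))
```

Even with the worst-case boundary forced in, the receiver still sees exactly two parts, because the line breaks in the name never reach the wire unescaped.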
Opera’s response
Opera Software has released Opera 9.64 where this issue has been fixed.
Credits
Thanks to Amit Klein for reporting this issue to Opera Software.