Panel access at https://news-push-88.op-mobile.opera.com/.

Disclosed by rahul0x01
  • Engagement: Opera Public Bug Bounty
  • Disclosed date: over 2 years ago
  • Points: 10
  • Priority: P3 (Bugcrowd's VRT priority rating)
  • Status: Resolved (This vulnerability has been accepted and fixed)
Summary by rahul0x01

Hello team,
My name is Rahul Sirvi, a security researcher from India 🇮🇳.

Summary: After performing my RECON on opera.com, I found a few panels, one of which I was able to access.

The panels were:
https://subdomain01.opera.com/login?redirect=%252F
https://subdomain02.opera.com/admin/
https://vulnerablesubdomain.opera.com/site/login
https://subdomain03.opera.software/pwm/

Steps to reproduce:

  1. Go to "https://vulnerablesubdomain.opera.com/site/login". A login page appears.
  2. Pluck /site/login and add /admin.
  3. Got into the panel without any authorization <3

Thanks,
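
The report does not state why /admin answered without a session. One common cause is an opt-in login guard that a single route forgets to apply. The following added example (not code from the report or from Opera; all routes, handlers and role names are constructed assumptions) contrasts that pattern with a deny-by-default dispatcher and an audit that lists paths answering an anonymous request.

```python
# Added illustration: constructed routes and handlers, not Opera's code.
PUBLIC_PATHS = {"/site/login"}   # the only path meant to be reachable anonymously
ADMIN_PATHS = {"/admin"}         # paths that additionally need the admin role

def login_page(session):  return 200, "login form"
def dashboard(session):   return 200, "site dashboard"
def admin_panel(session): return 200, "admin panel"

def require_login(handler):
    """Opt-in guard: sends anonymous callers to the login page."""
    def guarded(session):
        if not session.get("user"):
            return 302, "/site/login"
        return handler(session)
    return guarded

# Opt-in model: every route must remember to wrap itself. /admin was forgotten.
OPT_IN_ROUTES = {
    "/site/login": login_page,
    "/site/home": require_login(dashboard),
    "/admin": admin_panel,
}

def dispatch_opt_in(path, session):
    handler = OPT_IN_ROUTES.get(path)
    return handler(session) if handler else (404, "not found")

# Deny-by-default model: the dispatcher checks every request before routing,
# so a new or forgotten route is protected unless it is explicitly made public.
ROUTES = {"/site/login": login_page, "/site/home": dashboard, "/admin": admin_panel}

def dispatch_deny_by_default(path, session):
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not found"
    if path not in PUBLIC_PATHS:
        if not session.get("user"):
            return 302, "/site/login"
        if path in ADMIN_PATHS and session.get("role") != "admin":
            return 403, "forbidden"
    return handler(session)

def anonymous_exposure(dispatch):
    """Audit: paths that answer 200 to an empty session but are not declared public."""
    return sorted(p for p in ROUTES
                  if dispatch(p, {})[0] == 200 and p not in PUBLIC_PATHS)
```

Running `anonymous_exposure` against each dispatcher in a test suite turns a forgotten guard into a failing check before deployment.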

Activity
  1. Joshua (Customer) published the disclosure report
  2. rahul0x01 sent a message
  3. rahul0x01 requested disclosure
  4. rahul0x01 sent a message
  5. Joshua (Customer) sent a message
  6. rahul0x01 sent a message
  7. Joshua (Customer) rewarded rahul0x01
  8. Joshua (Customer) sent a message
  9. Joshua (Customer) changed the state to Resolved
  10. rahul0x01 sent a message
  11. rahul0x01 sent a message
  12. Joshua (Customer) sent a message
  13. rahul0x01 sent a message
  14. rahul0x01 sent a message
  15. Joshua (Customer) sent a message
  16. Joshua (Customer) changed the state to Unresolved
  17. Joshua (Customer) rewarded rahul0x01 10 points
  18. rahul0x01 sent a message
  19. rahul0x01 sent a message
  20. rahul0x01 sent a message
  21. mrhacker_bugcrowd changed the severity to P3
  22. mrhacker_bugcrowd changed the state to Triaged
  23. mrhacker_bugcrowd sent a message
  24. rahul0x01 sent a message
  25. rahul0x01 created the submission