
Opera Browser Speed Dial Extensions CSRF / XSS
Posted Aug 27, 2013
Authored by Lostmon | Site lostmon.blogspot.com

The Opera Speed Dial extensions suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | be4de6065dc517b692c413a4365db319

########################################
Opera Browser Speed Dial Extensions XSS and XSRF
Original advisory:
http://lostmon.blogspot.com.es/2013/08/opera-browser-speed-dial-extensions-xss.html
########################################

############
Description:
############

Speed Dial gives you quick access to your favorite Web sites. Every time
you open a new tab, you are presented with a 3x3 grid of thumbnails, each
representing a Web address. To open a page, click on the corresponding
thumbnail, or use the keyboard shortcuts.
http://help.opera.com/Mac/10.50/en/speeddial.html

#########
Abstract
#########

Developers build extensions for fast access to web services like
Gmail, Flickr or Facebook.

Speed Dial itself "protects users" from direct XSS attacks, but the
extensions used in Speed Dial are not free of bugs and some of them are not
safe. A remote attacker can craft content that abuses the functionality
of these extensions inside Speed Dial.


####################
Extensions for Gmail
####################

These two extensions show the latest unread emails from Gmail and are
vulnerable to XSS and CSRF-style attacks.

######
XSS:
######

If an attacker sends the victim an email whose subject contains HTML,
the extension renders the subject as markup and the injected code is
executed in the extension.


<http://3.bp.blogspot.com/-Ps9aJOC0H7U/Uh0f4VZAgJI/AAAAAAAAAH0/JjadBaF-Jto/s1600/svg.png>

######
XSRF:
######

If an attacker composes an email with a subject like
"><iframe src="https://mail.google.com/mail/?logout&hl=es"></iframe>
then, when the extension refreshes its content, the iframe loads the
logout URL with the victim's Gmail session and the victim is logged out,
without any interaction on the victim's side.


https://addons.opera.com/es/extensions/details/gmail-on-speed-dial-ex/
https://addons.opera.com/es/extensions/details/gmail-on-speed-dial/

##############################
Extensions for Google Calendar
##############################

These two extensions show reminders and events from Google Calendar
and are vulnerable to XSS and CSRF-style attacks.

######
XSS:
######

If an attacker creates an event in a shared calendar and inserts HTML
into its subject, the extension renders the subject as markup and the
injected code is executed in the extension.

<http://2.bp.blogspot.com/-2dL5w4bP6fo/Uh0gLc1NLxI/AAAAAAAAAH8/lElKwJgAVco/s1600/iframe.png>

######
XSRF:
######

If an attacker creates an event in a shared calendar with a subject like
"><iframe src="https://www.google.com/calendar/logout"></iframe>
then, when the extension refreshes its content, the iframe loads the
logout URL with the victim's Google session and the victim is logged out,
without any interaction on the victim's side.


https://addons.opera.com/es/extensions/details/google-calendar/
https://addons.opera.com/es/extensions/details/gcaltoday/
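The defect behind all four findings above (Gmail subjects and Google Calendar event titles rendered as HTML, which in turn lets an iframe fire a cookie-bearing GET to a logout URL) as an added example, not code from the advisory or from any of the extensions: a vulnerable render routine next to a hardened one, run over constructed sample messages. The function names (escapeHtml, renderUnsafe, renderSafe, injectedTags, autoFetchedUrls), the list template and the sample messages are all assumptions made for this illustration; the payload string is the one from the Gmail section.

```javascript
// Added example, not part of the advisory. Shows why an email subject or
// calendar title can turn into live markup inside a Speed Dial extension,
// and what the hardened rendering looks like.

// Minimal HTML escaping for untrusted text interpolated into markup.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Constructed sample feed (assumption, not real Gmail data): one ordinary
// message and one whose subject carries the advisory's payload. The attacker
// only needs to send the victim an email to get this string into the feed.
const SAMPLE_MESSAGES = [
  { from: "alice@example.com", subject: "Lunch on Friday?" },
  {
    from: "attacker@example.com",
    subject: '"><iframe src="https://mail.google.com/mail/?logout&hl=es"></iframe>',
  },
];

// Vulnerable pattern: the subject is concatenated straight into markup that
// the extension then assigns to innerHTML. The leading "> in the payload
// closes the title attribute and the <li>, and the iframe becomes real DOM.
function renderUnsafe(messages) {
  return messages
    .map(m => '<li title="' + m.subject + '"><span>' + m.from + "</span> " + m.subject + "</li>")
    .join("");
}

// Hardened form: every untrusted field is escaped before interpolation
// (equivalently, build the list with createElement/textContent and never
// hand attacker-controlled strings to innerHTML).
function renderSafe(messages) {
  return messages
    .map(m => '<li title="' + escapeHtml(m.subject) + '"><span>' + escapeHtml(m.from) + "</span> " + escapeHtml(m.subject) + "</li>")
    .join("");
}

// Crude tag scanner: element names that would be created if the string were
// parsed as HTML. Enough to show whether attacker tags survive rendering.
function tagNames(html) {
  const names = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Tags in the rendered output that the template itself did not emit.
function injectedTags(html) {
  const templateTags = new Set(["li", "span"]);
  return tagNames(html).filter(n => !templateTags.has(n));
}

// URLs the browser fetches automatically (with the victim's cookies) when the
// string is parsed: iframe and img src attributes. This is the CSRF half of
// the advisory: a GET to the logout endpoint needs no user interaction.
function autoFetchedUrls(html) {
  const urls = [];
  const re = /<(?:iframe|img)\b[^>]*\bsrc="([^"]*)"/gi;
  let m;
  while ((m = re.exec(html)) !== null) urls.push(m[1]);
  return urls;
}

function demo() {
  const unsafeHtml = renderUnsafe(SAMPLE_MESSAGES);
  const safeHtml = renderSafe(SAMPLE_MESSAGES);
  console.log("unsafe injected tags:", injectedTags(unsafeHtml));
  console.log("unsafe auto-fetched:", autoFetchedUrls(unsafeHtml));
  console.log("safe injected tags:", injectedTags(safeHtml));
  console.log("safe auto-fetched:", autoFetchedUrls(safeHtml));
}

demo();
```

The same check applies unchanged to the Calendar extensions: swap the sample subject for the calendar logout payload and the unsafe renderer still yields an iframe whose src the victim's browser will request with their Google cookies, while the escaped renderer yields only text.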

################
Related Links
################

http://lostmon.blogspot.com.es/2010/09/google-chrome-instaled-extensions.html
http://www.osvdb.org/search?search[vuln_title]=lostmon%20extension&search[text_type]=alltext
http://www.oxdef.info/posts/2011/01/18/chrome-ext/
http://www.pcmag.com/article2/0,2817,2359778,00.asp


############## End ########################

##################
Solution
###################

No solution was available at this time !!!

################ €nd ####################

--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what keeps the mind moving...
