exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Pwning Opera Unite With Inferno's Eleven

Pwning Opera Unite With Inferno's Eleven
Posted Sep 2, 2009
Authored by Inferno from Secure Thoughts

This small write up discusses various security aspects and pitfalls of Opera Unite.

tags | advisory
SHA-256 | 7d7c159792881f1441ae8d07984be5d484597c6edac8de5997bd17560e08b347

Pwning Opera Unite With Inferno's Eleven

Change Mirror Download
Pwning Opera Unite with Inferno's Eleven
----------------------------------------
Complete Post at
http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/

Opera Unite, the upcoming version of the Opera browser has a strong vision
to change how we look at the web. For those who are unknown to this radical
technology, it extends your browser into a full-blown collaboration suite
where you can chat with people, leave notes, share files, play media, host
your sites, etc. (Wow!!).

Opera Unite comes bundled with a bunch of standard services such as Fridge
(Notes), The Lounge (chatroom), etc. It is important to understand that
these services have two distinct views. One view is of the Service Owner,
who installs, customizes and runs these services on his or her computer. The
service owner and the computer running these services have associated
identifiers. By default, computer name is "home". So, your administrative
homepage is http://admin.home.uid.operaunite.com/. Remember that even though
the protocol of communication looks like http, it is not. Opera relays all
traffic using a proprietary ucp protocol (encrypted) to asd.opera.com and
auth.opera.com (no protocol details except here). The other view is of the
Service Page which is used by your users (friends, customers, etc) to access
your selected content. These trusted users can access your services from any
browser (not just opera unite) and uses the plain http protocol. The service
homepage is http://home.uid.operaunite.com/.

I was fascinated by this idea, so I decided to look at the security aspects
of the product (while it was in beta). Here are my findings in no particular
priority order (tested on 10.00 Beta 3 Build 1703).

1. Enumerating Service Owner Usernames

2. Enumerating Computer names for a particular Service Owner

3. Enumerating Service Owner Server IP address and Port number

4. Hijacking Insecure Communication in Service Pages

5. Hosting Phishing Pages and other Malware on Trusted Operaunite.com

6. CSRF-ing a File Upload from a Trusted User

7. CSRF-ing a Note on the Fridge

8. CSRF-Ing anyuserid to join a chatroom

9. XSS ing the unite-session-id cookie, works for almost all services

10. Clickjacking any Service Page

11. Inconsistency in Password Policy for some services

Read details at
http://securethoughts.com/2009/08/pwning-opera-unite-with-infernos-eleven/

Thanks and Regards,
Inferno
Security Researcher
SecureThoughts.com

Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close