Summary by rahul0x01
Hello team,
My name is Rahul Sirvi, security researcher from India 🇮🇳.
Summary: After performing my RECON on opera.com, I found few panels from which I was able to access one from them.
The panels were:
https://subdomain01.opera.com/login?redirect=%252F
https://subdomain02.opera.com/admin/
https://vulnerablesubdomain.opera.com/site/login
https://subdomain03.opera.software/pwm/
Steps to reproduce:
- Go to "https://vulnerablesubdomain.opera.com/site/login". A login page appears.
- Pluck /site/login and add /admin.
- Got into the panel without any authorization <3
Thanks,