Full Disclosure mailing list archives
Re: Orkut URL Redirection Vulnerability
From: Adriel Desautels <simon () snosoft com>
Date: Thu, 07 Sep 2006 09:37:21 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did you notify orkut?

keyshor wrote:
> Hi All,
>
> I have found a URL redirection vulnerability on www.orkut.com <http://www.orkut.com>. If a user clicks on a malicious link, he/she will be redirected to an attacker's website. The attacker can capture the valid username, password and then redirect the user to the original orkut website.
>
> Proof Of Concept:
>
> Original Link:
> https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
>
> Maliciously Crafted Link:
> https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fattackers_website.com
>
> --
> Kishor Sonawane
> keyshor () gmail com <mailto:keyshor () gmail com>
>
> ----------------------------------------------------------------------
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

- --
Regards,
Adriel T. Desautels
SNOsoft Research Team
Office: 617-924-4510 || Mobile : 857-636-8882
----------------------------------------------
Vulnerability Research and Exploit Development

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFACCQf3Elv1PhzXgRAjlbAJ9Joc/B5a0n8rYqsGp8uIjpYFDiqgCfaDYS
L4ojR/ypgyLSdcmhtXQQ6KU=
=tqUD
-----END PGP SIGNATURE-----
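A server-side check for the `done` parameter discussed in this thread, as an added example that is not part of the original posts and not Orkut's code. The allowlist, the fallback target and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the thread): the only host the login page may
# return users to, and the fallback used when validation fails.
ALLOWED_HOSTS = {"www.orkut.com"}
DEFAULT_TARGET = "https://www.orkut.com/"


def safe_done_target(done):
    """Return the decoded `done` value if it is an absolute http(s) URL
    on an allowed host; otherwise return DEFAULT_TARGET."""
    if not done:
        return DEFAULT_TARGET
    # Browsers treat "\" like "/" and ignore tabs/newlines inside URLs, so a
    # parser and a browser can disagree about the host. Reject such input.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in done):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(done)
    except ValueError:  # e.g. malformed bracketed host
        return DEFAULT_TARGET
    # Rejects scheme-relative ("//host"), relative, javascript:, data:, etc.
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET
    # .hostname excludes userinfo and port, so "allowed@other-host" and
    # "allowed.other-host" are compared on the real host, exactly.
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return done


def login_redirect(link):
    """Extract `done` from a GLogin.aspx-style link and validate it."""
    values = parse_qs(urlsplit(link).query).get("done", [])
    # More than one `done` value is ambiguous; fall back to the default.
    return safe_done_target(values[0]) if len(values) == 1 else DEFAULT_TARGET
```
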
Current thread:
- Orkut URL Redirection Vulnerability keyshor (Sep 07)
- Re: Orkut URL Redirection Vulnerability Adriel Desautels (Sep 07)
- <Possible follow-ups>
- Re: Orkut URL Redirection Vulnerability Julio Cesar Fort (Sep 07)
- Re: Orkut URL Redirection Vulnerability Olli Haukkovaara (Sep 07)
- Re: Orkut URL Redirection Vulnerability cardoso (Sep 07)
- Re: Orkut URL Redirection Vulnerability Peter Dawson (Sep 07)
- Re: Orkut URL Redirection Vulnerability Olli Haukkovaara (Sep 07)