Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Orkut URL Redirection Vulnerability

From: Adriel Desautels <simon () snosoft com>
Date: Thu, 07 Sep 2006 09:37:21 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did you notify orkut?

keyshor wrote:

Hi All,

I have found url redirection vulnerability on www.orkut.com
<http://www.orkut.com>.

If a user clicks on a malicious link he/she will redirect to an
attackers website. The attacker can capture the valid
username,password and then redirect a user to original orkut
website.

Proof Of Concept:

Original Link:

https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F




Maliciously Crafted Link:

https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fattackers_website.com





-- Kishor Sonawane keyshor () gmail com <mailto:keyshor () gmail com>

----------------------------------------------------------------------




_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/



- --

Regards,
    Adriel T. Desautels
    SNOsoft Research Team
    Office: 617-924-4510 || Mobile : 857-636-8882

    ----------------------------------------------
    Vulnerability Research and Exploit Development

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFACCQf3Elv1PhzXgRAjlbAJ9Joc/B5a0n8rYqsGp8uIjpYFDiqgCfaDYS
L4ojR/ypgyLSdcmhtXQQ6KU=
=tqUD
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: