Full Disclosure mailing list archives
Re: Google/Orkut Authentication/Session Management Issue PoC - Interim Results
From: Joseph Hick <leet16y () yahoo com>
Date: Tue, 10 Jul 2007 01:46:12 -0700 (PDT)
If you sign into orkut.com then enter orkut in the filter box then you will see some orkut cookies. Look for orkut_state in www.orkut.com site. It will work if you are logged in. if you log out orkut_state cookie disappears but the session remains active in orkut.com server. So a big problem is happening in orkut. when attackers stole some cookies using XSS attacks earlier they were misusing the accounts after owner of account logged out. This problem is happening because after owner of account logged out the session remained active. In other sites like yahoo this is not possible because the session deactivates in the server after owner of account logs out. Thanks Joseph --- Deeþàn Chakravarthÿ <codeshepherd () gmail com> wrote:
It works great. But I am not able to find a similar cookie for my account. Am I missing something ? Thanks Deepan
Joseph Hick wrote:This is the interim result of a proof of conceptforGoogle Authentication issues posted in thethreads...1.)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
(Orkut Server Side Management Error by Susam Pal & Vipul Agarwal) 2.)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064300.html
(Google Re-authentication Bypass by Susam Pal) A session was created in Orkut at about Sat Jun 30 20:30 UTC 2007. Between June 30 and now many have hijacked this session and logged out many timesbutthe session is alive today as verified on Sun Jul8 at09:43:10 UTC 2007. The cookie for this PoC sessionis... Name: orkut_state Cookie:
ORKUTPREF=ID=11190574376736842125:INF=0:SET=111236436:LNG=1:CNT=0:RM=0:USR=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:PHS=:TS=1183210062:LCL=en-US:NET=1:TOS=1:GC=DQAAAIMAAAArC-mJYqsrCOnv8uVQHdFUccRFQX8-ibRerEzrie5sOWNc06zs4z4fMNpovLUyRcNXHwxk8WzY6Z6SmvxcSmL1hAW4Mrdvazzkssq5VjSO70oE1HSFR4KOkSb3ZLg-U7k0x8c7ZuLHwu_qY2Umy8oobckg9UctWXYd1qoerXUTzsFSuLNXHdiAEVCSw7fUO00:PE=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:GTI=0:GID=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:VER=2:S=1Ah7VcA0JetHQ0Mgyfp4Jb6meXw=:
Domain: .www.orkut.com Path: / Send for: Any type of session Expires: Expire at end of session This proves that the session remains alive for at least 7 days after logging out. Steps to verify this... 1.) Open Firefox, etc. which allows cookieediting.This extension is required... https://addons.mozilla.org/en-US/firefox/addon/573 2.) Set the given cookie. 3.) Try to visit http://www.orkut.com/Home.aspx 4.) You will be automatically logged in with my account. It will not ask for any user-name or password. 5.) Logout 6.) Repeat steps 1. to 4. You can log in again. I want to see how long this session remains alive after multiple logout. If you try this POC leave a message in the scrapbook of the account here ... http://www.orkut.com/Scrapbook.aspx Thanks Joseph
____________________________________________________________________________________ Get the free Yahoo! toolbar and rest assured with the added security of spyware protection. http://new.toolbar.yahoo.com/toolbar/features/norton/index.php _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google/Orkut Authentication/Session Management Issue PoC - Interim Results Joseph Hick (Jul 08)
- Re: Google/Orkut Authentication/Session Management Issue PoC - Interim Results Deeþàn Chakravarthÿ (Jul 10)
- Re: Google/Orkut Authentication/Session Management Issue PoC - Interim Results Joseph Hick (Jul 10)
- Re: Google/Orkut Authentication/Session Management Issue PoC - Interim Results Deeþàn Chakravarthÿ (Jul 10)
- Re: Google/Orkut Authentication/Session Management Issue PoC - Interim Results Neeraj Agarwal (Jul 10)
- Re: Google/Orkut Authentication/Session Management Issue PoC - Interim Results Susam Pal (Jul 10)
- Re: Google/Orkut Authentication/Session Management Issue PoC - Interim Results Joseph Hick (Jul 10)
- Re: Google/Orkut Authentication/Session Management Issue PoC - Interim Results Deeþàn Chakravarthÿ (Jul 10)