[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Orkut URL Redirection Vulnerability
- To: keyshor <keyshor@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Orkut URL Redirection Vulnerability
- From: Adriel Desautels <simon@xxxxxxxxxxx>
- Date: Thu, 07 Sep 2006 09:37:21 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Did you notify orkut?
keyshor wrote:
> Hi All,
>
> I have found url redirection vulnerability on www.orkut.com
> <http://www.orkut.com>.
>
> If a user clicks on a malicious link he/she will redirect to an
> attackers website. The attacker can capture the valid
> username,password and then redirect a user to original orkut
> website.
>
> Proof Of Concept:
>
> Original Link:
>
> https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
>
>
>
>
> Maliciously Crafted Link:
>
> https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fattackers_website.com
>
>
>
>
>
> -- Kishor Sonawane keyshor@xxxxxxxxx <mailto:keyshor@xxxxxxxxx>
>
> ----------------------------------------------------------------------
>
>
>
>
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
- --
Regards,
Adriel T. Desautels
SNOsoft Research Team
Office: 617-924-4510 || Mobile : 857-636-8882
----------------------------------------------
Vulnerability Research and Exploit Development
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFFACCQf3Elv1PhzXgRAjlbAJ9Joc/B5a0n8rYqsGp8uIjpYFDiqgCfaDYS
L4ojR/ypgyLSdcmhtXQQ6KU=
=tqUD
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/