Orkut hacking: New XSS vuln. revealed

indiansword's Avatar, Join Date: Oct 2008
Security Expert
Here is a new XSS vulnerability found for "orkut blogs". With the exploitation of this vulnerability an attacker can steal the login credentials of the victim. I have posted the screenshot of one.

Heres the link of 1 INJECTED XSS BLOG:

IMPORTANT NOTE: If you visit this profile then your login credentials would be stolen. So make sure that u create a new fake profile and then check this out.

Link:- http://www.orkut.com/Main#Applicatio...d=675426251494

Screen shot is attached

Credits to:- Pierre Gardenat
Attached Images
File Type: jpg Orkut_vulnerable.jpg (93.4 KB, 34 views)
0
namesis's Avatar
Go4Expert Member
cool find whoeva did
0
fourthdimension's Avatar, Join Date: Jan 2009
Ambitious contributor
Is this original?
0
indiansword's Avatar, Join Date: Oct 2008
Security Expert
what do u mean by original?
0
fourthdimension's Avatar, Join Date: Jan 2009
Ambitious contributor
I just meant is this your exploit, or did you find it somewhere?
0
indiansword's Avatar, Join Date: Oct 2008
Security Expert
Credits to:- Pierre Gardenat

i have written that in the first post itself
0
fourthdimension's Avatar, Join Date: Jan 2009
Ambitious contributor
Oh. lol sorry, for some reason I thought that was the title of the image or something
0
indiansword's Avatar, Join Date: Oct 2008
Security Expert
I checked it and it works.
0
overdozed's Avatar, Join Date: Jul 2009
Newbie Member
can any 1 xplain me hw did this worked?

dnt mind 4 dis question,..
i m new...
0
naimish's Avatar
Banned
Quote:
Originally Posted by indiansword View Post
I checked it and it works.
@ indiansword

Can you please share it ?