Here is a new XSS vulnerability found for "orkut blogs". With the exploitation of this vulnerability, an attacker can steal the login credentials of the victim. I have posted the screenshot of one. Here's the link of 1 INJECTED XSS BLOG: IMPORTANT NOTE: If you visit this profile then your login credentials would be stolen. So make sure that you create a new fake profile and then check this out. Link: http://www.orkut.com/Main#Application.aspx?uid=2377494914036893288&appId=675426251494 Screenshot is attached. Credits to: Pierre Gardenat
Obviously, the whole point of this exploit is to have your victim visit the exploited page and steal their cookie session. It will work perfectly if you send them a convincing message with an elaborated and crafted page link. I won't do it, but there are plenty of websites that inspect source code from websites for you to view. Look at the source code and check it out.
If they're disabled then you're out of luck. However, it all will depend on the site. Make a search about https/http cookies and regular session cookies; big difference between the two of them.
I don't think cookies would be disabled for Google. Entire Google works on cookies. All the Google sites work on cookies and they share the same session, i.e. Google, Gmail, orkut etc.