Tuesday, March 24, 2009

Orkut still vulnerable to the scrapbook XSS bug

Orkut.com, the social networking site from Google, is still very much exposed to the XSS bug. On orkut's official blog, the orkut team states that they have fixed the bug and that the new features of the orkut scrapbook cannot be exploited anymore, but the problem still seems to be at large. As per the orkut team, "..We believe that this action has been effectively stopped", but below I am sharing a small script that does the trick on your orkut scrapbook.

If someone copies the script below and sends it to you as a scrap in your scrapbook, you are automatically logged out of orkut. Even if you log in again and go to your scrapbook, you are logged out again. I would suggest not trying this with your friends, because if you do, they might not know how to delete your scrap and could never get out of this problem. Here is the script which, when copied and pasted into your friend's scrapbook, does the trick:

http://www.orkut.com/GLogin.aspx?cmd=logout" width="1" height="1">

There is also a method of avoiding these kinds of XSS bugs in your scrapbook, and a method by which one can delete these kinds of scraps (I will write about it later some time).
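A check that a scrap-submission filter could run against the behaviour described above, where a scrap carries a 1x1 element whose URL is the site's own logout endpoint. This is an added example, not code from the original post or from orkut; `ScrapScanner`, `scan_scrap`, `ALLOWED_PREFIXES` and the sample scraps are assumptions, and the `img` tag in the samples is assumed because the post's snippet lost its opening.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Hosts served by the site itself (taken from the URL in the post).
SITE_HOSTS = {"www.orkut.com", "orkut.com"}
# (tag, attribute) pairs a browser fetches on render, sending the viewer's cookies.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("embed", "src"),
              ("script", "src"), ("input", "src"), ("object", "data"),
              ("link", "href"), ("body", "background")}
# Hypothetical policy: the only same-site paths a scrap may embed.
ALLOWED_PREFIXES = ("/img/", "/static/")


class ScrapScanner(HTMLParser):
    """Collects auto-fetched URLs in a scrap that point back at the site."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before calling this.
        for name, value in attrs:
            if value and (tag, name) in AUTO_FETCH:
                self._check(tag, name, value.strip())

    def _check(self, tag, attr, url):
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:
            self.findings.append((tag, attr, url))  # unparseable: fail closed
            return
        relative = not parts.scheme and not parts.netloc
        if host in SITE_HOSTS or relative:
            # Normalise dot-segments so "/img/../x" is not read as "/img/".
            path = posixpath.normpath(unquote(parts.path) or "/")
            if not path.startswith(ALLOWED_PREFIXES):
                self.findings.append((tag, attr, url))


def scan_scrap(html):
    """Return (tag, attribute, url) for every same-site auto-loaded reference."""
    scanner = ScrapScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Filtering scraps only narrows the exposure; an endpoint that ends the session on a plain GET remains reachable from any page the viewer loads.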
