Orkut Cross Site Scripting

Orkut Cross Site Scripting: Posted Dec 15, 2009; Authored by Sanjay Kumar; Orkut suffered from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | db1549deb503e0b9be8f7cda798c073812d06cd25c35097adc9392f8943a4b0f; Download | Favorite | View

Orkut Cross Site Scripting

Patched as of 12/12/2009.


All the test procedure along with snapshot is attached in the mail.

*The vulnerability exists in Video section of orkut. I took following steps
to exploit the vulnerability:

1) Login in Orkut account.
2) In your video section, click on "edit description".
3) Now enter the following script which will create a button named "Click
here",
The script is mentioned in Attached file:-

* *<input name=btnI type=submit value="Click here" class=lsb
"onfocus="alert(123) ">

4) Now as this script is onfocus. So click on that button created by this
script.
5) Now an alert box appear, which shows that the script is executed
successfully.*



Thanks & Regards,
Sanjay Kumar
sanjay1519841@gmail.com

Top Authors In Last 30 Days

Red Hat 341 files
Ubuntu 54 files
Gentoo 33 files
Debian 23 files
Apple 9 files
malvuln 6 files
nu11secur1ty 5 files
Google Security Research 4 files
Adam Gowdiak 4 files
Jann Horn 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,047)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,819)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,935)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,527)
UNIX (9,407)
UnixWare (187)
Windows (6,660)
Other

Orkut Cross Site Scripting

Orkut Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Orkut Cross Site Scripting

Share This

Orkut Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems