lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Jul 2007 03:04:29 -0700 (PDT) From: Joseph Hick <leet16y@...oo.com> To: full-disclosure@...ts.grok.org.uk Subject: Google/Orkut Authentication/Session Management Issue PoC - Interim Results This is the interim result of a proof of concept for Google Authentication issues posted in the threads... 1.) http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html (Orkut Server Side Management Error by Susam Pal & Vipul Agarwal) 2.) http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064300.html (Google Re-authentication Bypass by Susam Pal) A session was created in Orkut at about Sat Jun 30 20:30 UTC 2007. Between June 30 and now many have hijacked this session and logged out many times but the session is alive today as verified on Sun Jul 8 at 09:43:10 UTC 2007. The cookie for this PoC session is ... Name: orkut_state Cookie: ORKUTPREF=ID=11190574376736842125:INF=0:SET=111236436:LNG=1:CNT=0:RM=0:USR=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:PHS=:TS=1183210062:LCL=en-US:NET=1:TOS=1:GC=DQAAAIMAAAArC-mJYqsrCOnv8uVQHdFUccRFQX8-ibRerEzrie5sOWNc06zs4z4fMNpovLUyRcNXHwxk8WzY6Z6SmvxcSmL1hAW4Mrdvazzkssq5VjSO70oE1HSFR4KOkSb3ZLg-U7k0x8c7ZuLHwu_qY2Umy8oobckg9UctWXYd1qoerXUTzsFSuLNXHdiAEVCSw7fUO00:PE=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:GTI=0:GID=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:VER=2:S=1Ah7VcA0JetHQ0Mgyfp4Jb6meXw=: Domain: .www.orkut.com Path: / Send for: Any type of session Expires: Expire at end of session This proves that the session remains alive for at least 7 days after logging out. Steps to verify this... 1.) Open Firefox, etc. which allows cookie editing. This extension is required... https://addons.mozilla.org/en-US/firefox/addon/573 2.) Set the given cookie. 3.) Try to visit http://www.orkut.com/Home.aspx 4.) You will be automatically logged in with my account. It will not ask for any user-name or password. 5.) Logout 6.) Repeat steps 1. to 4. You can log in again. I want to see how long this session remains alive after multiple logout. If you try this POC leave a message in the scrapbook of the account here ... http://www.orkut.com/Scrapbook.aspx Thanks Joseph ____________________________________________________________________________________ Get the free Yahoo! toolbar and rest assured with the added security of spyware protection. http://new.toolbar.yahoo.com/toolbar/features/norton/index.php _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists