lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 10 Jul 2007 17:06:09 +0800
From: Deeþàn Chakravarthÿ <codeshepherd@...il.com>
To: Joseph Hick <leet16y@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Google/Orkut Authentication/Session
 Management Issue PoC - Interim Results

Joseph Hick wrote:
> If you sign into orkut.com then enter orkut in the
> filter box then you will see some orkut cookies. Look
> for orkut_state in www.orkut.com site.
>
> It will work if you are logged in. if you log out
> orkut_state cookie disappears but the session remains
> active in orkut.com server. So a big problem is
> happening in orkut. when attackers stole some cookies
> using XSS attacks earlier they were misusing the
> accounts after owner of account logged out. This
> problem is happening because after owner of account
> logged out the session remained active.
>
> In other sites like yahoo this is not possible because
> the session deactivates in the server after owner of
> account logs out.
>
>   
Hi Joseph,
  Thanks, I was looking for the cookie after logging off. 
Thanks
Deepan
> --- Deeþàn Chakravarthÿ <codeshepherd@...il.com>
> wrote:
>   
>> It works great. But I am not able to find a similar
>> cookie for my account.
>> Am I missing something ?
>>
>> Thanks
>> Deepan
>>
>>     
>
>
>   
>> Joseph Hick wrote:
>>     
>>> This is the interim result of a proof of concept
>>>       
>> for
>>     
>>> Google Authentication issues posted in the
>>>       
>> threads...
>>     
>>> 1.)
>>>
>>>       
> http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
>   
>>> (Orkut Server Side Management Error by Susam Pal &
>>> Vipul Agarwal)
>>>
>>> 2.)
>>>
>>>       
> http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064300.html
>   
>>> (Google Re-authentication Bypass by Susam Pal)
>>>
>>> A session was created in Orkut at about Sat Jun 30
>>> 20:30 UTC 2007. Between June 30 and now many have
>>> hijacked this session and logged out many times
>>>       
>> but
>>     
>>> the session is alive today as verified on Sun Jul
>>>       
>> 8 at
>>     
>>> 09:43:10 UTC 2007. The cookie for this PoC session
>>>       
>> is
>>     
>>> ...
>>>
>>> Name: orkut_state
>>> Cookie:
>>>
>>>       
> ORKUTPREF=ID=11190574376736842125:INF=0:SET=111236436:LNG=1:CNT=0:RM=0:USR=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:PHS=:TS=1183210062:LCL=en-US:NET=1:TOS=1:GC=DQAAAIMAAAArC-mJYqsrCOnv8uVQHdFUccRFQX8-ibRerEzrie5sOWNc06zs4z4fMNpovLUyRcNXHwxk8WzY6Z6SmvxcSmL1hAW4Mrdvazzkssq5VjSO70oE1HSFR4KOkSb3ZLg-U7k0x8c7ZuLHwu_qY2Umy8oobckg9UctWXYd1qoerXUTzsFSuLNXHdiAEVCSw7fUO00:PE=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:GTI=0:GID=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:VER=2:S=1Ah7VcA0JetHQ0Mgyfp4Jb6meXw=:
>   
>>> Domain: .www.orkut.com
>>> Path: /
>>> Send for: Any type of session
>>> Expires: Expire at end of session
>>>
>>> This proves that the session remains alive for at
>>> least 7 days after logging out. Steps to verify
>>> this...
>>>
>>> 1.) Open Firefox, etc. which allows cookie
>>>       
>> editing.
>>     
>>> This extension is required...
>>> https://addons.mozilla.org/en-US/firefox/addon/573
>>>
>>> 2.) Set the given cookie.
>>>
>>> 3.) Try to visit http://www.orkut.com/Home.aspx
>>>
>>> 4.) You will be automatically logged in with my
>>> account. It will not ask for any user-name or
>>> password.
>>>
>>> 5.) Logout
>>>
>>> 6.) Repeat steps 1. to 4. You can log in again.
>>>
>>> I want to see how long this session remains alive
>>> after multiple logout. If you try this POC leave a
>>> message in the scrapbook of the account here ...
>>> http://www.orkut.com/Scrapbook.aspx
>>>
>>> Thanks
>>> Joseph
>>>
>>>   
>>>       
>
>   
>
>
>
>        
> ____________________________________________________________________________________
> Get the free Yahoo! toolbar and rest assured with the added security of spyware protection.
> http://new.toolbar.yahoo.com/toolbar/features/norton/index.php
>
>   

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ