| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e732bf080609070205n36a1cccaybeb636bd00657283@mail.gmail.com>
Date: Thu, 7 Sep 2006 14:35:33 +0530
From: keyshor <keyshor@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Orkut URL Redirection Vulnerability
Hi All,
I have found url redirection vulnerability on www.orkut.com.
If a user clicks on a malicious link he/she will redirect to an attackers
website. The attacker can capture the valid username,password and then
redirect a user to original orkut website.
Proof Of Concept:
Original Link:
https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
Maliciously Crafted Link:
https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fattackers_website.com
--
Kishor Sonawane
keyshor@...il.com
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists