| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Sep 2006 09:37:21 -0400
From: Adriel Desautels <simon@...soft.com>
To: keyshor <keyshor@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Orkut URL Redirection Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Did you notify orkut?
keyshor wrote:
> Hi All,
>
> I have found url redirection vulnerability on www.orkut.com
> <http://www.orkut.com>.
>
> If a user clicks on a malicious link he/she will redirect to an
> attackers website. The attacker can capture the valid
> username,password and then redirect a user to original orkut
> website.
>
> Proof Of Concept:
>
> Original Link:
>
> https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
>
>
>
>
> Maliciously Crafted Link:
>
> https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fattackers_website.com
>
>
>
>
>
> -- Kishor Sonawane keyshor@...il.com <mailto:keyshor@...il.com>
>
> ----------------------------------------------------------------------
>
>
>
>
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
- --
Regards,
Adriel T. Desautels
SNOsoft Research Team
Office: 617-924-4510 || Mobile : 857-636-8882
----------------------------------------------
Vulnerability Research and Exploit Development
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFFACCQf3Elv1PhzXgRAjlbAJ9Joc/B5a0n8rYqsGp8uIjpYFDiqgCfaDYS
L4ojR/ypgyLSdcmhtXQQ6KU=
=tqUD
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists