Message-ID: <4301136.10151158826723636.JavaMail.root@mail.bbsbec.org>
Date: Thu, 21 Sep 2006 13:48:43 +0530 (IST)
From: Ajay Pal Singh Atwal <ajaypal@...bec.org>
To: Pranay Kanwar <warl0ck@...aeye.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Orkut Phishing Attack

Old bug in old bottle

This is an often discussed bug in FD

----- Pranay Kanwar <warl0ck@...aeye.org> wrote:
> orkut is an on line community that connects people through a network of
> trusted friends.
> The login url looks like this
>
> https://www.orkut.com/GLogin.aspx?done=http://www.orkut.com/
>
> After successfully logging in the user is redirected to
> http://www.orkut.com
> The url in the done argument can be changed to redirect to arbitrary
> website.
> for example
> https://www.orkut.com/GLogin.aspx?done=http://www.metaeye.org
> after logging in the user will be directed to metaeye.org
>

--
Sincerely
Ajay Pal Singh Atwal

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
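
Added example, not part of either post and not Orkut's code: one way a login handler could check the `done` argument discussed above before redirecting, falling back to a fixed page when the target is not on an allow-list. The allow-list, the default target, the function names and the test URLs other than those quoted in the thread are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the only host the login page may send a user back to.
ALLOWED_HOSTS = {"www.orkut.com"}
# Assumption: where to send the user when `done` is missing or rejected.
DEFAULT_TARGET = "https://www.orkut.com/"


def safe_done_target(done, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `done` unchanged if it points at an allowed host, else `default`."""
    if not done:
        return default
    # Browsers treat backslashes like slashes and drop whitespace/control
    # characters; reject such input instead of guessing how it will be parsed.
    if "\\" in done or any(ord(c) < 0x21 or ord(c) == 0x7F for c in done):
        return default
    try:
        parts = urlsplit(done)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return default
    # Absolute http(s) URLs only: this also rejects scheme-relative "//host".
    if parts.scheme not in ("http", "https"):
        return default
    # "http://www.orkut.com@other.host/" has userinfo; the real host follows "@".
    if parts.username is not None or parts.password is not None:
        return default
    # Exact host match, so "www.orkut.com.example.net" does not pass.
    if (parts.hostname or "").lower() not in allowed_hosts:
        return default
    if port not in (None, 80, 443):
        return default
    return done


def redirect_after_login(login_url):
    """Extract `done` from a GLogin.aspx-style URL and return the checked target."""
    query = parse_qs(urlsplit(login_url).query)
    done = query.get("done", [""])[0]
    return safe_done_target(done)
```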