Message-ID: <46934143.8070104@gmail.com>
Date: Tue, 10 Jul 2007 16:20:19 +0800
From: Deeþàn Chakravarthÿ <codeshepherd@...il.com>
To: Joseph Hick <leet16y@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Google/Orkut Authentication/Session Management Issue PoC - Interim Results
Joseph Hick wrote:
> This is the interim result of a proof of concept for
> Google Authentication issues posted in the threads...
>
> 1.)
> http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
> (Orkut Server Side Management Error by Susam Pal &
> Vipul Agarwal)
>
> 2.)
> http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064300.html
> (Google Re-authentication Bypass by Susam Pal)
>
> A session was created in Orkut at about Sat Jun 30
> 20:30 UTC 2007. Between June 30 and now many have
> hijacked this session and logged out many times but
> the session is alive today as verified on Sun Jul 8 at
> 09:43:10 UTC 2007. The cookie for this PoC session is
> ...
>
> Name: orkut_state
> Cookie:
> ORKUTPREF=ID=11190574376736842125:INF=0:SET=111236436:LNG=1:CNT=0:RM=0:USR=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:PHS=:TS=1183210062:LCL=en-US:NET=1:TOS=1:GC=DQAAAIMAAAArC-mJYqsrCOnv8uVQHdFUccRFQX8-ibRerEzrie5sOWNc06zs4z4fMNpovLUyRcNXHwxk8WzY6Z6SmvxcSmL1hAW4Mrdvazzkssq5VjSO70oE1HSFR4KOkSb3ZLg-U7k0x8c7ZuLHwu_qY2Umy8oobckg9UctWXYd1qoerXUTzsFSuLNXHdiAEVCSw7fUO00:PE=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:GTI=0:GID=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:VER=2:S=1Ah7VcA0JetHQ0Mgyfp4Jb6meXw=:
> Domain: .www.orkut.com
> Path: /
> Send for: Any type of session
> Expires: Expire at end of session
>
> This proves that the session remains alive for at
> least 7 days after logging out. Steps to verify
> this...
>
> 1.) Open Firefox, etc. which allows cookie editing.
> This extension is required...
> https://addons.mozilla.org/en-US/firefox/addon/573
>
> 2.) Set the given cookie.
>
> 3.) Try to visit http://www.orkut.com/Home.aspx
>
> 4.) You will be automatically logged in with my
> account. It will not ask for any user-name or
> password.
>
> 5.) Logout
>
> 6.) Repeat steps 1. to 4. You can log in again.
>
> I want to see how long this session remains alive
> after multiple logouts. If you try this POC leave a
> message in the scrapbook of the account here ...
> http://www.orkut.com/Scrapbook.aspx
>
> Thanks
> Joseph
>
>
It works great. But I am not able to find a similar cookie for my account.
Am I missing something?
Thanks
Deepan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
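
The thread reports a cookie that still authenticates days after logout. The following is an added example, not part of the original messages and not Orkut's or Google's code: a constructed model (all names, the `|`-separated cookie layout and the 24-hour lifetime are assumptions) of a service that trusts a signed cookie by its contents alone, beside one that also revokes the session server-side on logout and enforces an absolute lifetime.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed key for this demo
MAX_AGE = 24 * 3600                    # assumed absolute session lifetime, seconds


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


class SessionService:
    """Issues signed cookies; optionally tracks live sessions server-side."""

    def __init__(self, track_server_side: bool):
        self.track = track_server_side
        self.live = set()              # session ids the server still honours

    def login(self, user: str, now: int) -> str:
        sid = secrets.token_hex(16)
        if self.track:
            self.live.add(sid)
        payload = f"{user}|{sid}|{now}"
        return f"{payload}|{_sign(payload)}"

    def logout(self, cookie: str) -> None:
        # Clearing the browser's copy is not enough: a saved copy still verifies,
        # so the server must forget the session id itself.
        self.live.discard(cookie.split("|")[1])

    def authenticate(self, cookie: str, now: int):
        try:
            user, sid, issued, sig = cookie.split("|")
        except ValueError:
            return None
        expected = _sign(f"{user}|{sid}|{issued}")
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        if self.track and (sid not in self.live or now - int(issued) > MAX_AGE):
            return None
        return user


def replay_after_logout(track_server_side: bool, days_later: int = 7):
    """Save a cookie, log out, then present the saved copy again later."""
    svc = SessionService(track_server_side)
    saved = svc.login("alice", now=0)
    svc.logout(saved)
    return svc.authenticate(saved, now=days_later * 86400)
```

With `track_server_side=False` the saved cookie is accepted seven days after logout; with `True` the same replay is rejected.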