[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b2c62b170707100214y21dc15acw15327154db89b80b@mail.gmail.com>
Date: Tue, 10 Jul 2007 14:44:44 +0530
From: "Neeraj Agarwal" <nee.agl@...il.com>
To: "Deeþàn Chakravarthÿ" <codeshepherd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Google/Orkut Authentication/Session
Management Issue PoC - Interim Results
my firnd got my session cookie a day before yesterdy..
is there any method i can stop him by using my orkut account?
On 7/10/07, Deeþàn Chakravarthÿ <codeshepherd@...il.com> wrote:
>
> Joseph Hick wrote:
> > If you sign into orkut.com then enter orkut in the
> > filter box then you will see some orkut cookies. Look
> > for orkut_state in www.orkut.com site.
> >
> > It will work if you are logged in. if you log out
> > orkut_state cookie disappears but the session remains
> > active in orkut.com server. So a big problem is
> > happening in orkut. when attackers stole some cookies
> > using XSS attacks earlier they were misusing the
> > accounts after owner of account logged out. This
> > problem is happening because after owner of account
> > logged out the session remained active.
> >
> > In other sites like yahoo this is not possible because
> > the session deactivates in the server after owner of
> > account logs out.
> >
> >
> Hi Joseph,
> Thanks, I was looking for the cookie after logging off.
> Thanks
> Deepan
> > --- Deeþàn Chakravarthÿ <codeshepherd@...il.com>
> > wrote:
> >
> >> It works great. But I am not able to find a similar
> >> cookie for my account.
> >> Am I missing something ?
> >>
> >> Thanks
> >> Deepan
> >>
> >>
> >
> >
> >
> >> Joseph Hick wrote:
> >>
> >>> This is the interim result of a proof of concept
> >>>
> >> for
> >>
> >>> Google Authentication issues posted in the
> >>>
> >> threads...
> >>
> >>> 1.)
> >>>
> >>>
> > http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
> >
> >>> (Orkut Server Side Management Error by Susam Pal &
> >>> Vipul Agarwal)
> >>>
> >>> 2.)
> >>>
> >>>
> > http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064300.html
> >
> >>> (Google Re-authentication Bypass by Susam Pal)
> >>>
> >>> A session was created in Orkut at about Sat Jun 30
> >>> 20:30 UTC 2007. Between June 30 and now many have
> >>> hijacked this session and logged out many times
> >>>
> >> but
> >>
> >>> the session is alive today as verified on Sun Jul
> >>>
> >> 8 at
> >>
> >>> 09:43:10 UTC 2007. The cookie for this PoC session
> >>>
> >> is
> >>
> >>> ...
> >>>
> >>> Name: orkut_state
> >>> Cookie:
> >>>
> >>>
> >
> ORKUTPREF=ID=11190574376736842125:INF=0:SET=111236436:LNG=1:CNT=0:RM=0:USR=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:PHS=:TS=1183210062:LCL=en-US:NET=1:TOS=1:GC=DQAAAIMAAAArC-mJYqsrCOnv8uVQHdFUccRFQX8-ibRerEzrie5sOWNc06zs4z4fMNpovLUyRcNXHwxk8WzY6Z6SmvxcSmL1hAW4Mrdvazzkssq5VjSO70oE1HSFR4KOkSb3ZLg-U7k0x8c7ZuLHwu_qY2Umy8oobckg9UctWXYd1qoerXUTzsFSuLNXHdiAEVCSw7fUO00:PE=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:GTI=0:GID=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:VER=2:S=1Ah7VcA0JetHQ0Mgyfp4Jb6meXw=:
> >
> >>> Domain: .www.orkut.com
> >>> Path: /
> >>> Send for: Any type of session
> >>> Expires: Expire at end of session
> >>>
> >>> This proves that the session remains alive for at
> >>> least 7 days after logging out. Steps to verify
> >>> this...
> >>>
> >>> 1.) Open Firefox, etc. which allows cookie
> >>>
> >> editing.
> >>
> >>> This extension is required...
> >>> https://addons.mozilla.org/en-US/firefox/addon/573
> >>>
> >>> 2.) Set the given cookie.
> >>>
> >>> 3.) Try to visit http://www.orkut.com/Home.aspx
> >>>
> >>> 4.) You will be automatically logged in with my
> >>> account. It will not ask for any user-name or
> >>> password.
> >>>
> >>> 5.) Logout
> >>>
> >>> 6.) Repeat steps 1. to 4. You can log in again.
> >>>
> >>> I want to see how long this session remains alive
> >>> after multiple logout. If you try this POC leave a
> >>> message in the scrapbook of the account here ...
> >>> http://www.orkut.com/Scrapbook.aspx
> >>>
> >>> Thanks
> >>> Joseph
> >>>
> >>>
> >>>
> >
> >
> >
> >
> >
> >
> >
> ____________________________________________________________________________________
> > Get the free Yahoo! toolbar and rest assured with the added security of
> spyware protection.
> > http://new.toolbar.yahoo.com/toolbar/features/norton/index.php
> >
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists