| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <af2a70080710121326v1b941248u2d0bbf99eb937f45@mail.gmail.com> Date: Fri, 12 Oct 2007 14:26:39 -0600 From: "Open Phugu" <openphugu@...il.com> To: "Fabio N Sarmento [ Gmail ]" <fabior2@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: 0day Orkut XSS [ NEW! ] On 10/12/07, Fabio N Sarmento [ Gmail ] <fabior2@...il.com> wrote: > Greetings! > Doing hard searches and working hard seeking for xss holes we finally found! You surely mean ``ass holes''? > The new hole is in the description of the pic, you can put html encode chars > like this. > > & l t ; meta http-equiv="refresh" content="0;url=http://suafakeaqui" & g t ; > > < means < (minus) or open tag. > > means > ( more ) or close tag. > > So you can build great javascripts to stole cookies and whatever you want ;) > > Proof of concept: > > My Profile: > http://www.orkut.com/Album.aspx?uid=4196484633792069568 ( > just a javascript with location.href='mypersonalwebsite.com > ' ) > > Thanks to Pedro Boara ( http://www.suspensa.info ) > > Att; > Fábio N Sarmento > Programmer > São Paulo / Brazil > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists