[Full-disclosure] Orkut URL Redirection Vulnerability



Hi All,

I have found a URL redirection vulnerability on www.orkut.com.

If a user clicks on a malicious link, he/she will be redirected to an attacker's
website. The attacker can capture the valid username and password and then
redirect the user to the original Orkut website.

Proof Of Concept:

Original Link:

https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F

Maliciously Crafted Link:

https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fattackers_website.com


--
Kishor Sonawane
keyshor@xxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
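The flaw above is an open redirect: the login page trusts whatever the `done` parameter says. The fix on the server side is to validate that parameter before issuing the redirect. The following is an added example, not code from the post or from Orkut; `SITE_HOST`, `ALLOWED_HOSTS`, `DEFAULT_TARGET` and the two function names are assumptions made for the illustration. It rejects off-site targets, including the proof-of-concept value, as well as scheme-relative (`//host`), backslash, `user@host` and non-http scheme variants, and always rebuilds the result as an absolute URL on the site's own host so browser URL-resolution quirks do not matter.

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Constructed for this example: the site's canonical host and landing page.
# The advisory only names www.orkut.com; the allow-list itself is an assumption.
SITE_HOST = "www.orkut.com"
ALLOWED_HOSTS = {"www.orkut.com", "orkut.com"}
DEFAULT_TARGET = "https://www.orkut.com/"


def safe_redirect_target(done: Optional[str]) -> str:
    """Map an already URL-decoded ``done`` value to a same-site redirect target.

    Anything that would leave the site, or that cannot be parsed unambiguously,
    falls back to DEFAULT_TARGET. The result is always rebuilt as an absolute
    https URL on SITE_HOST, so relative and scheme-relative resolution quirks
    in browsers never come into play.
    """
    if not done:
        return DEFAULT_TARGET
    raw = done.strip()
    # CR/LF or other control characters could split the Location header or be
    # silently dropped by a browser in ways urlsplit does not model; refuse them.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return DEFAULT_TARGET
    # Browsers treat backslashes as slashes in http(s) URLs, so "/\attacker"
    # is really "//attacker"; normalise before parsing.
    raw = raw.replace("\\", "/")
    parts = urlsplit(raw)
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return DEFAULT_TARGET  # javascript:, data:, ftp:, ...
    if scheme and not parts.netloc:
        return DEFAULT_TARGET  # "http:host" resolves off-site in browsers
    if parts.netloc:
        # .hostname strips userinfo and port and lowercases, so
        # "http://www.orkut.com@attacker.com" yields "attacker.com".
        if (parts.hostname or "") not in ALLOWED_HOSTS:
            return DEFAULT_TARGET
    elif not parts.path.startswith("/"):
        return DEFAULT_TARGET  # bare "foo" or empty path: nothing useful
    path = parts.path or "/"
    return urlunsplit(("https", SITE_HOST, path, parts.query, ""))


def done_from_login_url(login_url: str) -> Optional[str]:
    """Extract the decoded ``done`` query value from a GLogin.aspx-style link."""
    values = parse_qs(urlsplit(login_url).query).get("done")
    return values[0] if values else None


if __name__ == "__main__":
    # Constructed sample inputs: the two links from the advisory plus variants.
    samples = [
        "https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F",
        "https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fattackers_website.com",
        "https://www.orkut.com/GLogin.aspx?done=%2F%2Fattackers_website.com",
        "https://www.orkut.com/GLogin.aspx?done=%2FHome.aspx%3Fuid%3D1",
    ]
    for link in samples:
        done = done_from_login_url(link)
        print(f"done={done!r:45} -> {safe_redirect_target(done)}")
```

The decisive design choice is the last line: rather than trying to prove an arbitrary string is "safe", the function extracts only the path and query it is willing to honour and re-emits them under a fixed scheme and host. Everything it cannot positively classify goes to the landing page.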
