Re: [Full-disclosure] Orkut URL Redirection Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did you notify orkut?

keyshor wrote:
Hi All,

I have found url redirection vulnerability on www.orkut.com
<http://www.orkut.com>.

If a user clicks on a malicious link he/she will redirect to an
attackers website. The attacker can capture the valid
username,password and then redirect a user to original orkut
website.

Proof Of Concept:

Original Link:

https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F




Maliciously Crafted Link:

https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fattackers_website.com





-- Kishor Sonawane keyshor@xxxxxxxxx <mailto:keyshor@xxxxxxxxx>

----------------------------------------------------------------------




_______________________________________________ Full-Disclosure -
We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
sponsored by Secunia - http://secunia.com/


- --

Regards,
Adriel T. Desautels
SNOsoft Research Team
Office: 617-924-4510 || Mobile : 857-636-8882

----------------------------------------------
Vulnerability Research and Exploit Development

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFFACCQf3Elv1PhzXgRAjlbAJ9Joc/B5a0n8rYqsGp8uIjpYFDiqgCfaDYS
L4ojR/ypgyLSdcmhtXQQ6KU=
=tqUD
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/