[Full-disclosure] Orkut URL Redirection Vulnerability
keyshor
keyshor at gmail.com
Thu Sep 7 10:05:33 BST 2006
Hi All,
I have found a URL redirection vulnerability on www.orkut.com.
If a user clicks on a malicious link, he/she will be redirected to an attacker's
website. The attacker can capture the valid username and password and then
redirect the user to the original Orkut website.
Proof Of Concept:
Original Link:
https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
Maliciously Crafted Link:
https://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fattackers_website.com
--
Kishor Sonawane
keyshor at gmail.com
Full-Disclosure is hosted and sponsored by Secunia.
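A server-side check on the `done` parameter that rejects the crafted link from the post while accepting the original one, as an added example that is not part of the original post or of Orkut's code. The allowlist, the fallback URL and the function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example: the only host the login page may return to,
# and the page used when the supplied value is rejected.
ALLOWED_HOSTS = {"www.orkut.com"}
DEFAULT_TARGET = "https://www.orkut.com/"


def safe_redirect_target(done: str) -> str:
    """Return `done` if it stays on an allowed host, else DEFAULT_TARGET.

    `done` is the already URL-decoded query value, as a web framework supplies it.
    """
    # Browsers treat "\" like "/" and drop tabs and newlines inside URLs, so
    # such values are rejected outright instead of being normalised.
    if not done or done != done.strip() or any(c in done for c in "\\\t\r\n"):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(done)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return DEFAULT_TARGET
    # Site-relative path: exactly one leading slash ("//host" leaves the site).
    if not parts.scheme and not parts.netloc:
        ok = done.startswith("/") and not done.startswith("//")
        return done if ok else DEFAULT_TARGET
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET
    # hostname excludes userinfo and port, so "www.orkut.com@other" is "other".
    if parts.username is not None or parts.hostname not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return done


def target_for_login_link(link: str) -> str:
    """Extract `done` from a full GLogin.aspx link and validate it."""
    values = parse_qs(urlsplit(link).query).get("done", [])
    # A missing or repeated parameter is treated as untrusted input.
    return safe_redirect_target(values[0]) if len(values) == 1 else DEFAULT_TARGET


if __name__ == "__main__":
    base = "https://www.orkut.com/GLogin.aspx?done="
    for link in (base + "http%3A%2F%2Fwww.orkut.com%2F",          # from the post
                 base + "http%3A%2F%2Fattackers_website.com"):    # from the post
        print(link, "->", target_for_login_link(link))
```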