[Full-disclosure] Orkut Phishing Attack
Ajay Pal Singh Atwal
ajaypal at bbsbec.org
Thu Sep 21 09:18:43 BST 2006
Old bug in old bottle
This is an often discussed bug in FD
----- Pranay Kanwar <warl0ck at metaeye.org> wrote:
> orkut is an on line community that connects people through a network
> of
> trusted friends.
> The login url looks like this
>
> https://www.orkut.com/GLogin.aspx?done=http://www.orkut.com/
>
> After successfully logging in the user is redirected to
> http://www.orkut.com
> The url in the done argument can be changed to redirect to arbitrary
> website.
> for example
> https://www.orkut.com/GLogin.aspx?done=http://www.metaeye.org
> after logging in the user will be directed to metaeye.org
>
--
Sincerely
Ajay Pal Singh Atwal
Full-Disclosure is hosted and sponsored by Secunia.