Orkut suffered from a cross site scripting vulnerability.
db1549deb503e0b9be8f7cda798c073812d06cd25c35097adc9392f8943a4b0fPatched as of 12/12/2009.
All the test procedure along with snapshot is attached in the mail.
*The vulnerability exists in Video section of orkut. I took following steps
to exploit the vulnerability:
1) Login in Orkut account.
2) In your video section, click on "edit description".
3) Now enter the following script which will create a button named "Click
here",
The script is mentioned in Attached file:-
* *<input name=btnI type=submit value="Click here" class=lsb
"onfocus="alert(123) ">
4) Now as this script is onfocus. So click on that button created by this
script.
5) Now an alert box appear, which shows that the script is executed
successfully.*
Thanks & Regards,
Sanjay Kumar
sanjay1519841@gmail.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed