Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Orkut Email Address Disclosure Vulnerability

From: "Ronald MacDonald" <ronald () rmacd com>
Date: Thu, 7 Dec 2006 22:07:19 +0000
Hi Rajesh,


Description:
A remote attacker can get the email address of anyone in the orkut as
demonstrated below. The victim interaction is not required at all.

Demonstration:
Note: Demonstration leads to email address information disclosure
- Login to your orkut account
- Add any user as your friend (Person you want to get email address)
- Click 'friends' tab
- Click 'open friend requests' tab
- Click edit button the email address of the user will be displayed
  as in the screenshot
Same way your can find your friends email address also


It's not an 'exploit' but a 'feature' of the portal that orkut uses on
its website, and is no more serious than posting your email address on
a mailing list.

Regards,
Ronald.

-- 
Ronald MacDonald
http://www.rmacd.com/
0777 235 1655

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: