Full Disclosure mailing list archives

Re: 0day Orkut XSS [ NEW! ]


From: "Open Phugu" <openphugu () gmail com>
Date: Fri, 12 Oct 2007 14:26:39 -0600

On 10/12/07, Fabio N Sarmento [ Gmail ] <fabior2 () gmail com> wrote:
> Greetings!
> Doing hard searches and working hard seeking XSS holes, we finally found one!
You surely mean ``ass holes''?
> The new hole is in the description of the pic; you can put HTML-encoded chars
> like this.
>
> & l t ; meta http-equiv="refresh" content="0;url=http://suafakeaqui"; & g t ;
>
> &lt; means < (minus) or open tag.
> &gt; means > ( more ) or close tag.
>
> So you can build great JavaScripts to steal cookies and whatever you want ;)
>
> Proof of concept:
>
> My profile:
> http://www.orkut.com/Album.aspx?uid=4196484633792069568 (just a JavaScript with location.href='mypersonalwebsite.com')
>
> Thanks to Pedro Boara ( http://www.suspensa.info )
>
> Att;
> Fábio N Sarmento
> Programmer
> São Paulo / Brazil
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


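To illustrate the output-encoding failure the quoted post describes, here is an added Python example (not code from the thread or from Orkut): a render step that entity-decodes the stored description before inserting it, the hardened version that escapes at output time, and a scan that flags stored descriptions whose decoded form contains markup. The sample description and the example.invalid URL are constructed.

```python
import html
import re

# Constructed sample: an entity-encoded description of the kind the post describes.
SAMPLE_DESC = '&lt;meta http-equiv="refresh" content="0;url=http://example.invalid"&gt;'

# Matches anything that looks like an HTML tag once decoding has happened.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def render_vulnerable(description: str) -> str:
    """Models the reported bug: stored text is entity-decoded once and the
    result is dropped straight into the page, so &lt; becomes a live '<'."""
    return f'<div class="desc">{html.unescape(description)}</div>'


def render_hardened(description: str) -> str:
    """Escape at output time and never decode user input before inserting it.
    Input that was already encoded stays encoded (&amp;lt;) and renders as text."""
    return f'<div class="desc">{html.escape(description, quote=True)}</div>'


def contains_markup_after_decoding(description: str, rounds: int = 3) -> bool:
    """Detection for stored descriptions: decode repeatedly and report whether
    a tag ever appears, which catches single- and double-encoded markup."""
    current = description
    for _ in range(rounds):
        if TAG_RE.search(current):
            return True
        decoded = html.unescape(current)
        if decoded == current:  # nothing left to decode
            break
        current = decoded
    return bool(TAG_RE.search(current))


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_DESC))
    print("hardened:  ", render_hardened(SAMPLE_DESC))
    print("flagged:   ", contains_markup_after_decoding(SAMPLE_DESC))
```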