[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSS in orkut.com

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in orkut.com
From: "Rohin Koul" <rohin.koul@xxxxxxxxx>
Date: Mon, 15 May 2006 22:45:37 +0530

Hi,
I found this little XSS thing with the search.aspx page of orkut.com.
The page uses GET method to get user criteria for searching the
profiles of people.
The fields textboxAgeFrom and textboxAgeTo in the URL are not verified
and one can inject any html code using these parameters.
Proof of concept
http://www.orkut.com/Search.aspx?q=&checkPhoto=on&dropdownLocation=1&textboxZip=&textboxAgeFrom=&textboxAgeTo=%3Cinput+type%3Dsubmit+onclick%3Djavascript%3Aalert%28%27a%27%29%3E&dropdownDating=choose&degree=radioAll&hiddenState=&hiddenCountry=91&view=&pno=1

Note: You should be logged in to orkut to access this page.

--
"if you don't know where you are going,
what difference does it make,which path you take"
---Cheshire Cat

Follow-Ups:
- Re: XSS in orkut.com
  - From: Google Security Team

Prev by Date: Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space
Next by Date: Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise
Previous by thread: [SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
Next by thread: Re: XSS in orkut.com
Index(es):
- Date
- Thread