XSS Hack hits Orkut
More on the vulnerability here. This seems similar to the Orkut Worm we found back in June, but with a few differences. For one thing, this doesn't seem to be purely about financial data theft... yet. However, this doesn't mean the attack sucks - far from it:
A remote attacker can craft a GET request with the XSS payload as demonstrated below. When the victim clicks on the GET request, the payload will get executed, which results in stealing of cookies, IP info, referrer info, browser information, clipboard content, operating system info, hardware info, modification of the page or HTML injection, URL redirection, port scanning of the network, and even phishing is possible.
Whoops. From what I've seen so far, it looks like some of this has already been patched up, but as always, stay frosty and all that jazz.

