All articles licensed under a Creative Commons License.
 



Tuesday, December 12, 2006

XSS Hack hits Orkut

More on the vulnerability here. This seems similar to the Orkut Worm we found back in June, but with a few differences. For one thing, this doesn't seem to be purely about financial data theft... yet. However, this doesn't mean the attack sucks - far from it:

A remote attacker can craft a GET request with the XSS payload as demonstrated below. When the victim clicks on the GET request the payload will get executed, which results in stealing of cookie, IP info, refer info, browser information, clipboard content, operating system info, hardware info, modification of page or HTML injection, URL redirection, port scanning of the network, and even phishing is possible.

Whoops. From what I've seen so far, it looks like some of this has already been patched up but as always, stay frosty and all that jazz.
