Blog Redesigning In Progress

Orkut still vulnerable to the scrapbook XSS bug the social networking site from Google is still very much exposed to the XSS bug. Although on orkut's official blog the orkut team states that they have fixed the bug and the new features of the orkut scrapbook cannot be exploited anymore, but the problem still seems to be at large. As per the orkut team "..We believe that this action has been effectively stopped" but here below I am sharing a small script that does the trick on your orkut scrapbook.

If someone copies the below script and sends you a scrap in your scrapbook, you automatically are logged out of orkut. And even if you try login again and go to your scrapbook, you are logged out again. I would suggest not trying this with your friends, because if you do so.. they might not know how to delete your scrap and could never come out of this problem.

Here is the script, which when copy pasted in your friends scrapbook. does the trick

Also there is a method of avoiding these kinds of XSS bug in your scrapbook and also there is a method by which one can delete these kind of scraps (Will write about it latter some time).

Update: The Orkut team has fixed up the security bug.. the trick is no more valid from Jan 2008

Post a Comment


arvind said…
oh..nice post ...was quite oblivious about it..
Pepperfry [CPS] IN PizzaHut [CPS] IN