orkutXSS.txt

2006-05-22T00:00:00
ID PACKETSTORM:46458
Type packetstorm
Reporter Rohin Koul
Modified 2006-05-22T00:00:00

Description

                                        
                                            `Hi,  
I found this little XSS thing with the search.aspx page of orkut.com.  
The page uses GET method to get user criteria for searching the  
profiles of people.  
The fields textboxAgeFrom and textboxAgeTo in the URL are not verified  
and one can inject any html code using these parameters.  
Proof of concept  
http://www.orkut.com/Search.aspx?q=&checkPhoto=on&dropdownLocation=1&textboxZip=&textboxAgeFrom=&textboxAgeTo=%3Cinput+type%3Dsubmit+onclick%3Djavascript%3Aalert%28%27a%27%29%3E&dropdownDating=choose&degree=radioAll&hiddenState=&hiddenCountry=91&view=&pno=1  
  
Note: You should be logged in to orkut to access this page.  
  
--   
"if you don't know where you are going,  
what difference does it make,which path you take"  
---Cheshire Cat  
`