Orkut Cross Site Scripting

2009-12-15T00:00:00
ID PACKETSTORM:83881
Type packetstorm
Reporter Sanjay Kumar
Modified 2009-12-15T00:00:00

Description

                                        
                                            `Patched as of 12/12/2009.  
  
  
All the test procedure along with snapshot is attached in the mail.  
  
*The vulnerability exists in Video section of orkut. I took following steps  
to exploit the vulnerability:  
  
1) Login in Orkut account.  
2) In your video section, click on "edit description".  
3) Now enter the following script which will create a button named "Click  
here",  
The script is mentioned in Attached file:-  
  
* *<input name=btnI type=submit value="Click here" class=lsb  
"onfocus="alert(123) ">  
  
4) Now as this script is onfocus. So click on that button created by this  
script.  
5) Now an alert box appear, which shows that the script is executed  
successfully.*  
  
  
  
Thanks & Regards,  
Sanjay Kumar  
sanjay1519841@gmail.com  
`
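The behaviour reported above is what happens when a stored description is written into the page without output encoding. The following is an added example, not code from the advisory or from Orkut; the function names and the wrapping div are assumptions. It renders the reported input both ways and checks which tags reach the markup.

```javascript
// Added example; escapeHtml, renderDescription* and unexpectedTags are hypothetical names.

// Input string as quoted in the advisory, joined onto one line.
const reportedInput =
  '<input name=btnI type=submit value="Click here" class=lsb "onfocus="alert(123) ">';

// The five characters that can change HTML parsing state in text or attribute context.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: stored text is concatenated into markup unchanged.
function renderDescriptionUnsafe(description) {
  return '<div class="video-description">' + description + "</div>";
}

// Hardened pattern: encode at output time, so the text is displayed, not parsed.
function renderDescriptionSafe(description) {
  return '<div class="video-description">' + escapeHtml(description) + "</div>";
}

// Regression check: names of opening tags in rendered output that are not
// part of the template itself.
function unexpectedTags(html, allowed = ["div"]) {
  const found = [];
  const tagPattern = /<\s*([a-zA-Z][a-zA-Z0-9]*)/g;
  let match;
  while ((match = tagPattern.exec(html)) !== null) {
    const name = match[1].toLowerCase();
    if (!allowed.includes(name)) found.push(name);
  }
  return found;
}

console.log(unexpectedTags(renderDescriptionUnsafe(reportedInput)));
console.log(unexpectedTags(renderDescriptionSafe(reportedInput)));
```

A check like unexpectedTags fits in a template regression test, so a field that stops being encoded is caught before release.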