Reporter Sanjay Kumar
`Patched as of 12/12/2009.
All the test procedure along with snapshot is attached in the mail.
*The vulnerability exists in Video section of orkut. I took following steps
to exploit the vulnerability:
1) Login in Orkut account.
2) In your video section, click on "edit description".
3) Now enter the following script which will create a button named "Click
The script is mentioned in Attached file:-
* *<input name=btnI type=submit value="Click here" class=lsb
4) Now as this script is onfocus. So click on that button created by this
5) Now an alert box appear, which shows that the script is executed
Thanks & Regards,