In a moment of excitement for our readers at HTMLorkut, there is some bad news coming in from Orkut Applications. Remember the history created by Rodrigo Lacerda last year? He created a fresh community, and in just 12 hours it already had 4,00,000 members! How did he achieve this? Well, it’s the magic of XSS!
This function will make your profile visitor’s browser automatically show an alert saying “alert this!!”. You can easily change that to “why are you spying?”, etc., if you want to. Just fool around with your friends…
It seems that Orkut has learned nothing from Rodrigo’s experience and is again compromising the security of its esteemed users by allowing more and more Orkut applications without appropriate security tests. Let’s hope this hole is fixed soon. Till then, stop browsing unknown profiles – danger might be waiting for you!
Update 20.7.08 – This flaw has been fixed.
Thanks: Miguel Targa