Orkut Apps Live for Brazilian Users – They Smack Orkut With a XSS Hole for the Delay

In a moment of excitement for our readers via HTMLorkut, there is a bad news coming in from Orkut Applications. Remember the history created by Rodrigo Lacerda last year? He created a fresh community and in just 12 hours it had 4,00,000 members in it already joined! How did he achieved this? Well, it’s the magic of XSS!

Idea Box is a popular Application on Orkut aimed at showcasing and discussion of your unique ideas with the world! Recently, an XSS hole has been discovered in it which permits the execution of JavaScript in Orkut Profiles. For a basic knowledge of XSS read out this short FAQs section by cgisecurity.com

Here’s a simple alert() function of JavaScript used in the screenshot below.

This function will trigger your profile visitor’s browser to automatically show up and alert saying “alert this!!”. You can easily change that to “why are you spying?”, etc. if you want to. Just fool up your friends around…..

It seems that Orkut has learned nothing from Rodrigo’s experience and is again compromising the Security of it’s esteemed users by allowing more and more orkut applications without appropriate security tests. Let’s hope this hole is fixed up soon. Till then, stop browsing unknown profiles – A danger might be waiting for you!

Update 20.7.08 – This flaw has been fixed.

Thanks : Miguel Targa

Gaurav KalraUpcoming Orkutter8 Points
Gaurav has written 8 Articles, posted 2 Comments.

this ad is sponsored by the author (learn more)
this ad is sponsored by the author (learn more) Write for Orkut Plus!


Tags - Cross Site Scripting, Orkut Alerts, Privacy, Security, Tips

  3 Comments on this Article.

  1. सौरभ says:


  2. Anonymous says:

    the bug has been fixed..

  3. deMonOiD says:


Leave a Reply