Orkut Hit With XSS! Viewing Albums More Dangerous Than Ever!


Orkut has been hit by a cross-site scripting (XSS) attack that lets a malicious user inject code into the photo comments feature; the code executes when the comment is viewed. This code can steal your cookies, compromising your privacy.

This hole was active on Orkut a few hours ago, but Orkut seems to have gotten hold of it. Don't relax just yet, because the bug is still active in the mobile version of Orkut.

So avoid browsing profiles and albums, whether unknown or known.
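The fix for this class of bug is to encode comments at output time in every view that renders them. The following is an added example, not code from the original article or from Orkut: it puts a comment renderer that emits stored text verbatim beside one that HTML-encodes it, routes both the desktop and the mobile view through the same encoder so a fix cannot land in only one of them, and builds a session cookie with `HttpOnly` so page script cannot read it. All function names, the `sid` cookie name and the sample comments are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical names, constructed sample data.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for HTML element content or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored comment is concatenated into the markup verbatim,
// so any tags it contains become part of the page.
function renderCommentUnsafe(comment) {
  return '<li class="comment"><b>' + comment.author + '</b>: ' + comment.text + '</li>';
}

// "After": every user-controlled field is encoded when it is written out.
function renderCommentSafe(comment) {
  return '<li class="comment"><b>' + escapeHtml(comment.author) + '</b>: ' +
    escapeHtml(comment.text) + '</li>';
}

// Desktop and mobile share one renderer, so the two views cannot drift apart.
const VIEWS = {
  desktop: (comments) => '<ul id="photo-comments">' + comments.map(renderCommentSafe).join('') + '</ul>',
  mobile: (comments) => '<ul>' + comments.map(renderCommentSafe).join('') + '</ul>',
};

// Defence in depth: HttpOnly keeps the session cookie out of document.cookie.
function sessionCookieHeader(sessionId) {
  return 'Set-Cookie: sid=' + encodeURIComponent(sessionId) +
    '; HttpOnly; Secure; SameSite=Lax; Path=/';
}

// Regression check for rendered output: true if a script tag or an inline
// event-handler attribute survived rendering.
function containsActiveMarkup(html) {
  return /<script\b|<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed sample comments; the second mimics a harmless alert test.
const sampleComments = [
  { author: 'friend', text: 'Nice photo!' },
  { author: 'visitor', text: '<script>alert("demo")</script>' },
];

console.log('unsafe render flagged:', containsActiveMarkup(sampleComments.map(renderCommentUnsafe).join('')));
console.log('mobile render flagged:', containsActiveMarkup(VIEWS.mobile(sampleComments)));
console.log(sessionCookieHeader('example-session-id'));
```

Running `containsActiveMarkup` over the output of every view in a test suite catches the situation described above, where one front end is fixed and another is not.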

If you want to check whether the hole is still unfixed, you can check this safe demo as an example. It will pop up an alert. If you want to test it on your own profile, you can copy and paste this code (remove the ‘\’ before and after your message to get it working) as a comment on any photo in an Orkut album and see the live demo.

Be quick, because Orkut will fix it very soon. Also note: you are responsible for your actions :)

Gaurav Dua, Orkut Guru, 546 Points
22, Webmaster and Businessman. Based in Jammu, J&K – India
Gaurav has written 514 Articles, posted 323 Comments.



Tags - Cross Site Scripting, Orkut Alerts, Orkut News, Privacy, Security, Suggestions

  2 Comments on this Article.

  1. I would actually recommend people keep a safe distance from unknown albums for a while till the bug gets fixed, because I heard the famous “Rodrigo Lacerda Worm” is working in the XSS and more profiles are getting compromised.

  2. Saurabh A.K.A. James says:

    I was the first one to be affected by this virus :P
