RES: [WEB SECURITY] XSS worm attacking Google?
denny at batori.com.br
Sun Dec 10 05:14:35 EST 2006
Brazilian specialists in security application discover some vulnerabilities
in the Orkut. In Brazil, the Orkut is very popular.
Vulnerability allows to modify legends of photos of the Orkut.
Users can modify the credits in albums of photos of any integrant of the
virtual community of the Google.
1 - It makes login in the Orkut and visits the photo album of its victim.
I will choose the photo that it desires to edit the legend and click in
seeing photo entire.
2 - It looks at the address of the page in the bar of addresses (that
place where you place the address of the site that you want to go). In this
example, the address of the entire photo in the album is:
3 - It changes the word AlbumZoom for AlbumEdit.
It presses ENTER and
Soon! You are in the edition page of the photo.
Worm arrives at the camouflaged PC as message of scrap of the Orkut
Profiles of the service had been white of false messages that directed the
user for an archive .exe that, after installed, it stole personal data of
These are some examples. Exist many cases registered in Brazil.
All the discovered vulnerabilities, are corrected.
Batori Software & Security
+55 (11) 5084.0071
Fundada em 1997, a Batori Software & Security é reconhecida por ser uma
empresa altamente especializada em Segurança da Informação.
As boas práticas de segurança implementadas nos projetos desenvolvidos pela
Batori Software & Security, permitiram a criação da metodologia proprietária
BSM, em conformidade com a ISO 17799 e ISO 15408.
Nossa equipe desenvolve, mantém, e disponibiliza sem custos, uma coleção de
documentos de pesquisa sobre vários aspectos de Segurança da Informação.
De: Kuai Hinojosa [mailto:kuai.hinojosa at gmail.com]
Enviada em: domingo, 10 de dezembro de 2006 02:04
Para: pdp (architect)
Cc: Billy Hoffman; Web Security
Assunto: Re: [WEB SECURITY] XSS worm attacking Google?
That is not spanish that is portuguese. Thanks for sharing this information
On 12/9/06, pdp (architect) < <mailto:pdp.gnucitizen at googlemail.com>
pdp.gnucitizen at googlemail.com> wrote:
Nice find. It seams that it is written by someone who speaks Spanish.
There was a discussion on sla.ckers.org about a vulnerability in orkut
I think... or was that somewhere else. Anyway, it is funny that
attackers came with this worm so quick since that is only a two week
old finding. It seams that bad guys start realising the power of XSS
worms and their destructive potential. This is not a good news!
On 12/9/06, Billy Hoffman < <mailto:Billy.Hoffman at spidynamics.com>
Billy.Hoffman at spidynamics.com> wrote:
> I was running through some proxy logs, and saw a reference to
> Requesting redirected me to a blacklist of what look like phishing
> sites. However, all the way at the bottom was a reference to Google's
> Orkut site. Specficially the blacklist entry was for a GET-based XSS
> attack against Google's GLogin system.
> If you request that URL, you get a 403 error page saying your query is
> from an automated attack. Looks very similar to a page Google returned
> during the Perl.Santy attack a year or so back.
> Billy Hoffman
> Lead Researcher, SPI Labs
> SPI Dynamics Inc. - http://www.spidynamics.com
> Phone: 678-781-4800
> Direct: 678-781-4845
> The Web Security Mailing List:
> The Web Security Mailing List Archives:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
pdp (architect) | petko d. petkov
The Web Security Mailing List:
The Web Security Mailing List Archives:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity