New Attack on orkut! User gets logged out by just opening scrapbook!

Hackers have discovered the most serious bug on orkut yet, and it is in orkut's most accessed area: the scrapbook!

What makes it most serious is that this time the user does not need to click or perform any action anywhere to trigger the vulnerable code.

Many users have suffered from this. Most of them get logged out of orkut just by visiting their own scrapbook. Worse, they cannot delete blank or suspicious scraps either! :-(

The bug is not fixed yet, and it can be used by malicious hackers to gain access to victims' orkut accounts, so details about this bug will be posted after it gets rectified. Till then, let's use the following solution to protect yourself!

Objective: Blocking Flash content [on orkut at least]

Firefox users: Flashblock

Internet Explorer:

  • Go to the Tools Menu -> Internet Options
  • Click on the Security tab
  • Click on Custom Level
  • Disable Run ActiveX controls and plug-ins

Additionally, delete scraps from your scrapbook if you are getting logged out of orkut just by visiting your own scrapbook!

Thanks to Kee Hinckley for the timely post on the issue!

7 Comments (including Pingbacks/Trackbacks) so far »

  1. #
    mankie on December 22, 2007

    thanks devil!!

  2. #
    Rahul Bansal on December 27, 2007

    @mankie
    First, sorry for the late reply, as I went offline for the Xmas vacation! :-(

    Now it's really good to hear from one of the oldest Devils here… ;-)
    By the way, not hearing much about you…
    If you missed it… we have opened this blog so that anyone can join and post now!

    Wishing you a merry Xmas and a very happy new year!
    -Rahul

  3. #
    shitu on December 28, 2007

    this is not a bug, you can also block scrapbook by going here

  4. #
    Rahul Bansal on December 29, 2007

    @Shitu
    How do you define a bug?
    And your post has the same code as in this post! :D

  5. #
    meha on July 23, 2008

    I am not able to post a scrap; at the bottom left it says -javascript void 0, but I have even enabled javascript and am still having the same stupid problem for 6 months. You really have to sort out my problem as soon as possible, otherwise I will become bad towards orkut.

  6. #
    Rahul Bansal on July 24, 2008

    @Meha
    6 months is too much…

    Try this thing first, with a gap of at least 12 hours…
    Log into your account from a different PC or browser and try to post a scrap.
    If the error comes again, then it means your account is disabled by Orkut.
    In that case you can only delete it and create a new account. :-(
    Also, the problem is not with orkut. It's a problem with your PC and some virus/script on it.


1 Trackbacks/Pingbacks

  1. Orkut Scrapbook XSS Bug is Still Active! | Welcome To Rahul Bansals Workshop on December 21st, 2007