Sunday, September 26, 2010

XSSed Orkut after Twitter after Facebook <xss/>

'Are you social?'
ohhh... let me rephrase it 'Are you net-social?'
yeah... then how socially secure are you when plain-text attacks are hitting millions?

2 months back with Facebook
now almost treated as a synonym of Social Networking, with more than 400 million active users... Facebook was exposed as vulnerable to an XSS attack despite having properly implemented HttpOnly cookie protection, which doesn't count for anything against XSS. The PoC video and article are linked below.

Last Week with Twitter
the microblogging favorite of the masses, offering a newer, promising UX... Twitter accidentally resurfaced the XSS hole during a site update. Famous as the 'onMouseOver' flaw, it simply injected the XSS code as a tweet so that the function executed on the victim's mouse hover event.
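The defensive lesson behind the 'onMouseOver' flaw (and behind the note above that HttpOnly cookies don't count against XSS) is context-aware output encoding: whatever a user typed into a tweet, scrap or profile field has to be encoded for the exact HTML context it is written into, or it stops being text and becomes markup. The block below is an added example written for this post; it is not code from the original article or from Twitter, Facebook or Orkut. The function names and the sample tweet are constructed for illustration, and the encoders are a deliberately minimal implementation of the usual OWASP-style rules.

```javascript
// Added example, not code from the original post or from Twitter/Facebook/Orkut.
// Shows why a tweet rendered by raw concatenation can grow an onmouseover
// handler, and how per-context encoding keeps user data inert. Function
// names and sample inputs are constructed for this illustration. HttpOnly
// cookies are orthogonal: they only hide document.cookie from script, they
// do not stop injected script from running at all.

// Encoding for an HTML text node: the five characters that can open a tag,
// close a tag or terminate a quoted context become entities.
function encodeForHtmlText(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Encoding for a double-quoted attribute value: everything outside
// [A-Za-z0-9] becomes a numeric entity, so the value can never close the
// quote and start a new attribute such as onmouseover=.
function encodeForHtmlAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/g,
    (c) => "&#x" + c.charCodeAt(0).toString(16) + ";");
}

// A URL also needs a scheme allow-list; encoding alone does not stop a
// javascript: link. Anything that is not absolute http(s) becomes an inert "#".
function safeUrl(s) {
  try {
    const u = new URL(String(s));
    if (u.protocol === "http:" || u.protocol === "https:") return u.href;
  } catch (e) { /* not a parseable absolute URL */ }
  return "#";
}

// The bug pattern: raw string concatenation of user data into markup.
function renderTweetUnsafe(tweet) {
  return '<p class="tweet">' + tweet.text +
    ' <a href="' + tweet.link + '">link</a></p>';
}

// The fix: one encoder per context, plus the URL allow-list.
function renderTweetSafe(tweet) {
  return '<p class="tweet">' + encodeForHtmlText(tweet.text) +
    ' <a href="' + encodeForHtmlAttribute(safeUrl(tweet.link)) + '">link</a></p>';
}

// Crude structural check: the template itself contains exactly four double
// quotes (class="tweet" and href="..."); any extra quote in the output means
// user data escaped its context.
function countDoubleQuotes(html) {
  return (html.match(/"/g) || []).length;
}

// Constructed sample: text carrying markup, and a link value that tries to
// close the href attribute early.
const sampleTweet = {
  text: 'check <b>this</b> out',
  link: 'http://example.com/" onmouseover="x',
};

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderTweetUnsafe(sampleTweet)); // user data has become markup
  console.log(renderTweetSafe(sampleTweet));   // user data is still text
}
```

Run it with node to see both renderings side by side. The quote count is only a demonstration aid; in production the point is to never build markup by concatenation at all and to let a templating layer apply these encoders automatically per context.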

Previous Day with Orkut
The previous day was a 'Good Saturday' (which is what 'Bom Sabado' means in Portuguese), 'scrapping' off the privacy of Orkut users. This attack is supposed to have originated from Brazil and compromised an enormous number of Orkut accounts in the span of a few hours. The code with details can be viewed at the link below.

