Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Google/Orkut Authentication Issue PoC

from [Joseph Hick] Network Security [Permanent Link]
Subject: [Full-disclosure] Google/Orkut Authentication Issue PoC
Date: Sat, 30 Jun 2007 13:40:37 -0700 (PDT) 
This is a proof of concept for Google Authentication
issues posted in the threads...

1.)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
(Orkut Server Side Management Error by Susam Pal &
Vipul Agarwal)

2.)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064300.html
(Google Re-authentication Bypass by Susam Pal)

I found that after logging out Google session doesn't
expire in 24 hours. It is longer. I am doing this
experiment to see how long the session remains alive
after logging out.
    
I am posting a session cookie for my account.

Name: orkut_state
Cookie:
ORKUTPREF=ID=11190574376736842125:INF=0:SET=111236436:LNG=1:CNT=0:RM=0:USR=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:PHS=:TS=1183210062:LCL=en-US:NET=1:TOS=1:GC=DQAAAIMAAAArC-mJYqsrCOnv8uVQHdFUccRFQX8-ibRerEzrie5sOWNc06zs4z4fMNpovLUyRcNXHwxk8WzY6Z6SmvxcSmL1hAW4Mrdvazzkssq5VjSO70oE1HSFR4KOkSb3ZLg-U7k0x8c7ZuLHwu_qY2Umy8oobckg9UctWXYd1qoerXUTzsFSuLNXHdiAEVCSw7fUO00:PE=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:GTI=0:GID=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:VER=2:S=1Ah7VcA0JetHQ0Mgyfp4Jb6meXw=:
Domain: .www.orkut.com
Path: /
Send for: Any type of session
Expires: Expire at end of session

I have logged out but you can use this cookie in this
way... (anyone can try this. You don't need Orkut
account to try this)

1.) Open Firefox, etc. which allows cookie editing.
This extension is required...
https://addons.mozilla.org/en-US/firefox/addon/573

2.) Set the given cookie.

3.) Try to visit http://www.orkut.com/Home.aspx

4.) You will be automatically logged in with my
account. It will not ask for any user-name or
password.

5.) Logout

6.) Repeat steps 1. to 4. You can log in again.

I want to see how long this session remains alive
after multiple logout. If you try this POC leave a
message in the scrapbook of the account here ...
http://www.orkut.com/Scrapbook.aspx

Thanks
Joseph


       
____________________________________________________________________________________
Moody friends. Drama queens. Your life? Nope! - their life, your story. Play 
Sims Stories at Yahoo! Games.
http://sims.yahoo.com/  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Google/Orkut Authentication Issue PoC, Joseph Hick <=
Previous by Date:  Re: [Full-disclosure] Rutkowska faces ‘100% undetectable malware’ challenge, teasing?, Trey Keifer
Next by Date:  Re: [Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities, Joseph Hick
Previous by Thread:  [Full-disclosure] Rutkowska faces â100% undetectable malwareâ challenge, teasing?, Bipin Gautam
Next by Thread:  [Full-disclosure] iPhone Roadblock, matthew wollenweber
Indexes:  [Date] [Thread] [Top] [All Lists]