Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: Orkut Email Address Disclosure Vulnerability

Re: Orkut Email Address Disclosure Vulnerability

From: Ronald MacDonald <ronald_at_rmacd.com>
Date: Thu, 7 Dec 2006 22:07:19 +0000

Hi Rajesh,

> Description:
> A remote attacker can get the email address of anyone in the orkut as
> demonstrated below. The victim interaction is not required at all.
>
> Demonstration:
> Note: Demonstration leads to email address information disclosure
> - Login to your orkut account
> - Add any user as your friend (Person you want to get email address)
> - Click 'friends' tab
> - Click 'open friend requests' tab
> - Click edit button the email address of the user will be displayed
> as in the screenshot
> Same way your can find your friends email address also

It's not an 'exploit' but a 'feature' of the portal that orkut uses on
its website, and is no more serious than posting your email address on
a mailing list.

Regards,
Ronald. 

-- 
Ronald MacDonald
http://www.rmacd.com/
0777 235 1655
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Dec 07 2006
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]