Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Google/Orkut Authentication/Session Management Issue PoC - Interim Results
From: Joseph Hick <leet16y () yahoo com>
Date: Sun, 8 Jul 2007 03:04:29 -0700 (PDT)

This is the interim result of a proof of concept for
Google Authentication issues posted in the threads...

1.)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064143.html
(Orkut Server Side Management Error by Susam Pal &
Vipul Agarwal)

2.)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/064300.html
(Google Re-authentication Bypass by Susam Pal)

A session was created in Orkut at about Sat Jun 30
20:30 UTC 2007. Between June 30 and now many have
hijacked this session and logged out many times but
the session is alive today as verified on Sun Jul 8 at
09:43:10 UTC 2007. The cookie for this PoC session is
...

Name: orkut_state
Cookie:
ORKUTPREF=ID=11190574376736842125:INF=0:SET=111236436:LNG=1:CNT=0:RM=0:USR=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:PHS=:TS=1183210062:LCL=en-US:NET=1:TOS=1:GC=DQAAAIMAAAArC-mJYqsrCOnv8uVQHdFUccRFQX8-ibRerEzrie5sOWNc06zs4z4fMNpovLUyRcNXHwxk8WzY6Z6SmvxcSmL1hAW4Mrdvazzkssq5VjSO70oE1HSFR4KOkSb3ZLg-U7k0x8c7ZuLHwu_qY2Umy8oobckg9UctWXYd1qoerXUTzsFSuLNXHdiAEVCSw7fUO00:PE=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:GTI=0:GID=aGlqYWNrbWVwbGVhc2VAZ29vZ2xlbWFpbC5jb20=:VER=2:S=1Ah7VcA0JetHQ0Mgyfp4Jb6meXw=:
Domain: .www.orkut.com
Path: /
Send for: Any type of session
Expires: Expire at end of session

This proves that the session remains alive for at
least 7 days after logging out. Steps to verify
this...

1.) Open Firefox, etc. which allows cookie editing.
This extension is required...
https://addons.mozilla.org/en-US/firefox/addon/573

2.) Set the given cookie.

3.) Try to visit http://www.orkut.com/Home.aspx

4.) You will be automatically logged in with my
account. It will not ask for any user-name or
password.

5.) Logout

6.) Repeat steps 1. to 4. You can log in again.

I want to see how long this session remains alive
after multiple logout. If you try this POC leave a
message in the scrapbook of the account here ...
http://www.orkut.com/Scrapbook.aspx

Thanks
Joseph


       
____________________________________________________________________________________
Get the free Yahoo! toolbar and rest assured with the added security of spyware protection.
http://new.toolbar.yahoo.com/toolbar/features/norton/index.php

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]