
Orkut Accounts Being Hacked: A Reality

Researcher Susam Pal published today an interesting advisory about several vulnerabilities affecting Orkut, the popular social networking website owned by Google.
One such case: when an operation fails, the application may send the user back to the main page and ask them to log in again, without actually logging them out. This can mislead users into believing that they have logged out.
An attacker can take advantage of this state: the "orkut_state" cookie can still be used to log in successfully, even after the user has logged out. This is probably due to a failure to mark the session as expired on the server side.
How to? - A Technical Description (Never use this information to hack anyone else's account)
On successful Orkut login, the following cookies are set:
1. Domain: .www.orkut.com Cookie: orkut_state
2. Domain: .google.com Cookie: SID
3. Domain: www.google.com Cookie: LSID

The second and the third cookies are responsible for another flaw which
is described in this advisory. In the login page of Orkut, the login
form appears from google.com in an inline frame and the form inputs are
submitted back to google.com. Hence these cookies are set for the domain
google.com and www.google.com.

If an attacker manages to steal the SID and LSID cookies of the user,
he can gain access to the compromised account even after the user has
been logged out, as described in the 'Vulnerability' section.

In case of unsuccessful authentication during a session, when the
user finds himself logged out and leaves the browser unattended,
a trespasser can log in to his account simply by accessing a valid URL
for that account, as mentioned in the 'Vulnerability' section.

Vulnerability:
When an Orkut user fails to authenticate himself during a session (say,
while deleting a community), the user is redirected to a login page
where he has to enter his password to log in again. At this stage,
ideally the session should be disabled and re-enabled only after
the user re-authenticates himself. However, the session associated with
the SID and LSID cookies remains alive on the server side. Therefore, it is
not safe to abandon the session at this stage. An attacker who has set these
cookies in his browser can access the compromised account by visiting
http://www.gmail.com/, https://www.google.com/accounts/ManageAccount,
etc.
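The root cause described above is a server that redirects the user to the login page but never expires the session record behind the cookie, so the old cookie value keeps resolving to the account. The following added example (not Orkut's or Google's code; the in-memory store, the handler names and the user names are constructed for illustration) contrasts that flawed behaviour with a hardened one that invalidates the session server-side before redirecting, and issues a new cookie value only after the password is checked again.

```python
"""Session-expiry demonstration: a re-auth handler that leaves the session
record alive (the flaw) versus one that drops it (the fix).
Constructed example; SessionStore is a toy in-memory store, not a real
framework API."""

import secrets
import time


class SessionStore:
    """Server-side table keyed by the opaque value carried in the session cookie."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # cookie value -> {"user": str, "expires_at": float}

    def create(self, user):
        # Fresh, unguessable cookie value bound to this user for one TTL period.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "expires_at": time.time() + self.ttl}
        return token

    def user_for(self, token):
        """Return the user bound to this cookie value, or None if it is not live."""
        rec = self._sessions.get(token)
        if rec is None:
            return None
        if rec["expires_at"] <= time.time():
            self._sessions.pop(token, None)  # lazily purge expired records
            return None
        return rec["user"]

    def invalidate(self, token):
        """Server-side expiry: the old cookie value is useless from here on,
        no matter whether the browser still holds it."""
        self._sessions.pop(token, None)


def login(store, user, password, expected_password):
    """Issue a fresh session cookie value only on a successful password check."""
    if not secrets.compare_digest(password, expected_password):
        return None
    return store.create(user)


def logout(store, token):
    """A real logout: the server forgets the session, not just the browser."""
    store.invalidate(token)
    return "redirect:/"


def flawed_reauth(store, token):
    """The behaviour the advisory describes: the user is sent to the login
    page, but the server keeps the session record, so the cookie still works."""
    return "redirect:/login"


def fixed_reauth(store, token):
    """Hardened behaviour: expire the session before redirecting. A new cookie
    value is only issued by login() after the password is verified again."""
    store.invalidate(token)
    return "redirect:/login"


def replay_after_reauth(handler):
    """Simulate: login, a failed operation that forces re-authentication, then
    an attempt to reuse the original cookie value. Returns the user the old
    cookie still resolves to; None means the stale value was rejected."""
    store = SessionStore()
    token = login(store, "alice", "correct horse", "correct horse")
    assert store.user_for(token) == "alice"   # session is live after login
    handler(store, token)                      # operation failed; sent to login page
    return store.user_for(token)               # what the old cookie is worth now


if __name__ == "__main__":
    print("flawed handler, old cookie resolves to:", replay_after_reauth(flawed_reauth))
    print("fixed handler, old cookie resolves to:", replay_after_reauth(fixed_reauth))
```

The check a reviewer would apply to any re-authentication or logout path is the one `replay_after_reauth` performs: after the user is shown the login page, present the previously issued cookie value again and confirm the server no longer resolves it to an account. Invalidating the record on the server, rather than merely clearing the cookie in the browser, is what closes the window the advisory describes.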


Orkut has suffered from other vulnerabilities in the past, including XSS, script insertion, information disclosure, and a worm which propagated malware:
http://en.wikipedia.org/wiki/Orkut#Security_and_safety
