Monday, March 12, 2007

Know thy e-id -2

Orkut service is vulnerable to email address disclosure vulnerability. Due to this It is possible to get email address of any users in orkut. This is caused due to improper designing of orkut portal.
This means that a hacker can get the email address of anyone in the orkut ow. The victim interaction is not required at all.
Note: Demonstration leads to email address information disclosure

  • Login to your orkut account.
  • Add any user as your friend (Person you want to get email address)
  • Click ‘friends’ tab
  • Click ‘open friend requests’ tab
  • Click edit button the email address of the user will be displayed .


Post a Comment