Wednesday, July 18, 2007

Another Bug

Hi, I am google helper. Did you find anything strange in the above pic that I took? No? Then look carefully and read along.

Here is the inbox of VVK Chandra. No, he didn't give it to me; I got it. What, I hacked his account? No. Just read along.

Here is another security bug that V V K Chandra of webgeekblog found. This is what he has to say...

When I was going through full referrer logs of one of my websites, I found an interesting bug in Orkut. This reminds me why web application security is really complex and how even experts can just make simple security mistakes. If you are a web developer you can really learn a few important things from this article.

The bug is actually in the message displaying page. The messages in a user's inbox in Orkut are displayed using a GET URL. An example URL is given below.

If you are logged into Orkut you can read a message I have sent to a community, just by visiting the above link. You can view the message till I delete it from my inbox or till the bug is fixed. This is the case for any of the messages in your Orkut inbox. If someone can get the URL of the message they can read the message even though the message is not from their inbox.

How did I find it?

One of the Orkut users has sent a message to his friends where he has put a link to one of my websites. When checking full referrer logs of my website I happened to see a URL something like the above mentioned one. Out of curiosity I opened it and was able to read the message which I am not supposed to see.

Ok, you might ask me how one can guess a complex URL and see someone else’s message. To make the issue simpler, the message URLs are actually stored in the history of the web browser, because they are simple GET requests from the browser. So, all the messages read on a particular computer can be accessed using the history of the web browser. You can read the messages using the links from the history even though the messages are not from your inbox.

Personally I think this is a serious issue that needs to be fixed. A lot of users in India use Orkut from public internet cafes. If the browser history is not cleared, then anyone can read the Orkut messages you have read on a particular computer. Though users may not exchange potential information using Orkut messages, this bug needs to be fixed because this is not an expected behavior for any website.

If we go into technical details of the bug, from my experience this happens when you don’t check whether the message being shown is intended for the user who is viewing it. Maybe, for some programming ease, Orkut developers might have neglected this...

I have notified Orkut about this and am waiting to hear from them.
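The missing check described in the quoted article, shown as an added example (this is not code from the original post, from V V K Chandra, or from Orkut). It assumes a hypothetical in-memory message store with one recipient per message; the ids, user names and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    msg_id: str
    recipient: str   # assumption: one inbox owner per message
    body: str

# Constructed sample data; ids and user names are made up.
MESSAGES = {
    "8f3a91": Message("8f3a91", "alice", "Meet at 6pm, link inside"),
    "c07d2e": Message("c07d2e", "bob", "Community announcement"),
}

class NotFound(Exception):
    """Would map to HTTP 404 in a real handler."""

def view_message_vulnerable(session_user: str, msg_id: str) -> str:
    # Only checks that someone is logged in, so any account that
    # obtains the URL (referrer log, browser history) can read the message.
    if not session_user:
        raise PermissionError("login required")
    msg = MESSAGES.get(msg_id)
    if msg is None:
        raise NotFound(msg_id)
    return msg.body

def view_message_checked(session_user: str, msg_id: str) -> str:
    if not session_user:
        raise PermissionError("login required")
    msg = MESSAGES.get(msg_id)
    # Same error for "no such message" and "not your message", so the
    # response does not confirm that a leaked id is valid.
    if msg is None or msg.recipient != session_user:
        raise NotFound(msg_id)
    return msg.body

def can_read(handler, user: str, msg_id: str) -> bool:
    # Helper for the demo: True if the handler returns the message body.
    try:
        handler(user, msg_id)
        return True
    except (NotFound, PermissionError):
        return False

if __name__ == "__main__":
    leaked = "8f3a91"  # constructed id, as if copied from a history entry
    for h in (view_message_vulnerable, view_message_checked):
        print(h.__name__, {u: can_read(h, u, leaked) for u in ("alice", "bob")})
```

With the ownership check in place, a message URL that ends up in a referrer log or a shared computer's history no longer grants access to anyone except the logged-in recipient.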


