Monday, June 23, 2008

Bug in the orkut Status: learn how to do it.





A bug in orkut lets you add custom images to orkut's status update feature, as shown below…


[Image: screenshot of a status update showing the OrkutFeeds logo]


As you can see, the OrkutFeeds logo in the screenshot above is not a standard smiley that orkut users can add to their status update messages.


Here are the steps to use this bug…


1. Go to your orkut profile and find the status update field. Click on the edit button…


2. Next, put the code shown below in it and click update.


<img src="http://img4.orkut.com/img/smiley/../../images/medium/607105044/71300207/pt.jpg">


The above will add the OrkutFeeds logo. Now, to add an image of your choice…



  • It must be on orkut.

  • It must be on orkut's image server, e.g. img4.orkut.com, img3.orkut.com


Here is the simplest way to put an image on orkut's image server: upload any image as your profile display picture or as a community picture, and it will be stored on the orkut image server we are interested in. (Note: uploading to a community is recommended.)


Once you find the image you are looking for on, say, an orkut community, get its URL. Firefox users can simply right-click on the image and select the Copy Image Location option from the context menu. [Note: this will not work on profile pictures.]





Once you have a URL whose host name is like img4.orkut.com, copy the entire path from the first slash (/) onwards.


Example:


For URL:


http://img2.orkut.com/images/mittel/1203938171/19587001.jpg

Copy only:


images/mittel/1203938171/19587001.jpg

Now paste the copied part between:



<img src="http://img4.orkut.com/img/smiley/../../   and   ">

So the final code will be:


<img src="http://img4.orkut.com/img/smiley/../../images/mittel/1203938171/19587001.jpg">

You can put anything before and after the final code. Those who know HTML will easily recognize this img tag.


Copying a profile picture requires opening the HTML source code or using the Backgroundimage Saver add-on (Firefox only).



Technical Details…


Some of you have noticed the strange /../.. in the URL. This is a standard hacking technique known as a Directory Traversal attack. The goal of this attack is to make an application access a file that is not intended to be accessible. More details about this technique are here.


Now, although directory traversal is not such a severe thing, its presence may catch the eye of the hacker community. As always in the past, this may lead to a new XSS hole on orkut. Strangely, in my analysis I have found that more HTML tags are allowed in the status update field than is desirable from a security point of view!
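As an added example (not from the original post and not orkut's code), the sketch below contrasts a raw-string prefix check, an assumed model of the kind of filter the /../.. URL gets past, with a check that parses the URL so dot segments are resolved before the path is compared. The hosts and the /img/smiley/ directory come from the URLs above; the smiley file name and the file-name pattern are assumptions.

```javascript
// Hosts and smiley directory are taken from the URLs quoted in this post.
const ALLOWED_HOSTS = new Set(["img2.orkut.com", "img3.orkut.com", "img4.orkut.com"]);
const SMILEY_DIR = "/img/smiley/";
// Assumed naming scheme: one plain file name, no sub-directories, no escapes.
const SMILEY_FILE = /^[A-Za-z0-9_-]+\.(gif|png|jpg)$/;

// Weak check (assumed model): compares the raw, un-normalized string.
function naiveIsSmiley(src) {
  return src.startsWith("http://img4.orkut.com" + SMILEY_DIR);
}

// Hardened check: parse first, so the URL parser resolves "." and ".."
// segments, then validate every component of the normalized URL.
function isSmiley(src) {
  let url;
  try {
    url = new URL(src);
  } catch {
    return false; // not an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  if (!ALLOWED_HOSTS.has(url.hostname)) return false;
  if (url.username || url.password || url.port) return false;
  if (url.search || url.hash) return false;
  if (!url.pathname.startsWith(SMILEY_DIR)) return false;
  // Whatever follows the directory must be a single, plain file name.
  return SMILEY_FILE.test(url.pathname.slice(SMILEY_DIR.length));
}

// Constructed samples: the first file name is made up, the second URL is the
// one built in this post, the third is a percent-encoded variant of it.
const SAMPLES = [
  "http://img4.orkut.com/img/smiley/i_smile.gif",
  "http://img4.orkut.com/img/smiley/../../images/mittel/1203938171/19587001.jpg",
  "http://img4.orkut.com/img/smiley/%2e%2e/%2e%2e/images/mittel/1203938171/19587001.jpg",
];

// Run both checks over a list of src values and return the verdicts.
function classify(list) {
  return list.map((src) => ({ src, naive: naiveIsSmiley(src), strict: isSmiley(src) }));
}

for (const row of classify(SAMPLES)) {
  console.log(row.naive ? "naive: pass" : "naive: fail", "|",
              row.strict ? "strict: pass" : "strict: fail", "|", row.src);
}
```

The same normalize-then-compare rule applies wherever the check runs; a filter that also strips all tags except an explicit allowlist addresses the over-permissive status field mentioned above.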
