[karan]

lol now dis is my own tut.........
There was a bug few days ago in new orkut
Some of big community like Stanford was hacked back then
So here is the post how it was hacked
The attacker transfers a dummy community to himself
Then he start capturing what data proceed during the transfer
By this attacker uses a Firefox addon called “Live HTTP Headers”
after attacker get the data,
he is gonna reply it, but now here comes the trick..
page: http://www.orkut.com/gwt/Multiplexer
(some headers and your cookie)
here attacker use a post method to exploit it
14:/gwt/Community;187:6|1|8|http://static2.orkut.com/gwt/|6E89A904B6A074F9B60FB765907BD88F|_|acceptRejectCommTransfer
|I|Z|2d|1HbEBkI9mrJmPkIUoIgFOun6gFo:1283099620918|1|2|3|4|4|5|6|5|7|
XXXXXXXX|1|XXXXXXXX|8|\n
The first XXXXXXXX is the community ID and 2nd one is attacker UID
So he just community ID to the victim community and post a request
And bingo, community is hacked
But this thing is patched by google within hours but keep an eye on it..credit goes to me...

[1234hotmaster]

not even this one is your own tut -.-

http://www.hackingdiscussion.com/2010/09...e-careful/