There was a bug few days ago in new orkut

Some of big community like Stanford was hacked back then

So here is the post how it was hacked

The attacker transfers a dummy community to himself

Then he start capturing what data proceed during the transfer

By this attacker uses a Firefox addon called “Live HTTP Headers”

after attacker get the data,

he is gonna reply it, but now here comes the trick..

page: http://www.orkut.com/gwt/Multiplexer

(some headers and your cookie)

here attacker use a post method to exploit it

14:/gwt/Community;187:6|1|8|http://static2.orkut.com/gwt/|6E89A904B6A074F9B60FB765907BD88F|_|acceptRejectCommTransfer|I|Z|2d|1HbEBkI9mrJmPkIUoIgFOun6gFo:1283099620918|1|2|3|4|4|5|6|5|7|XXXXXXXX|1|XXXXXXXX|8|\n

The first XXXXXXXX is the community ID and 2nd one is attacker UID

So he just community ID to the victim community and post a request

And bingo, community is hacked

But this thing is patched by google within hours but keep an eye on it

Popularity: unranked

In this part i m just going to put some of the basic important google dork only that a hacker used

this article is only for educational purpose so if any one misuse it that will not be my responsibility or this blog responsibility

Google queries for locating various Web servers

“Apache/1.3.28 Server at” intitle:index.of

Apache 1.3.28

“Apache/2.0 Server at” intitle:index.of

Apache 2.0

“Apache/* Server at” intitle:index.of

any version of Apache

“Microsoft-IIS/4.0 Server at” intitle:index.of

Microsoft Internet Information Services 4.0

“Microsoft-IIS/5.0 Server at” intitle:index.of

Microsoft Internet Information Services 5.0

“Microsoft-IIS/6.0 Server at” intitle:index.of

Microsoft Internet Information Services 6.0

“Microsoft-IIS/* Server at” intitle:index.of

any version of Microsoft Internet Information Services

Continue Reading

Popularity: 18%

Now HTML is enabled in New Orkut.

so i will tell you step by step how to do that.we need two things first firefox and second new orkut to perform this trick

Step 1

open your profile page in new orkut and click on about me clear all unwanted things from it.

Step 2

go to google and search any picture in example i m searching the picture of jim carry.

go to the images tab you will see many picture of jim carrey

now open any picture as i opened this picture

Step 3

now in that piture tab press ctrl+A after that press ctrl+C

Continue Reading

Popularity: 4%

This is an Important Notice to Hacking Discussion Readers about fakes e-mails from ofserv.alert@icicibank.co.in and so on .. which was notice with subject “ICICI BANK ACCOUNT NOTIFICATION”. It’s an Fake Notice to Steal your Bank Data..
The E-Mail i got today at 3PM with subject line “ICICI Bank Account Notification” Then i went through the e-mail there was the e-mail Description like below :

Continue Reading

Popularity: 9%