Patched as of 12/12/2009.


All the test procedure along with snapshot is attached in the mail.

*The vulnerability exists in Video section of orkut. I took following steps
to exploit the vulnerability:

1) Login in Orkut account.
2) In your video section, click on "edit description".
3) Now enter the following script which will create a button named "Click
here",
The script is mentioned in Attached file:-

* *<input name=btnI type=submit value="Click here" class=lsb
"onfocus="alert(123) ">

4) Now as this script is onfocus. So click on that button created by this
script.
5) Now an alert box appear, which shows that the script is executed
successfully.*



Thanks & Regards,
Sanjay Kumar
sanjay1519841@gmail.com