Main Area and Open Discussion > Living Room
Another Google Hole Uncovered
(1/1)
KenR:
Vulnerabilties identified in Google software!
Hard to believe but true: there’s another vulnerability currently live on Google’s servers, allowing a malicious hacker to point you to a (long) Google.com URL... and then receive your cookie data, with which the hacker can access and modify your Google docs and spreadsheets, and view your email subjects & first words, your search history (if enabled) and much more... similar to the previous vulnerability.
I was able to reproduce the cross-site scripting problem here on Firefox 2, latest stable, and all it took for me was to write a 3-line PHP script, upload it to my server, and adjust the Google URL in question. Then I tested this using two different computers, with different IPs, and was able to steal the cookie and login to Google...
--- End quote ---
http://blog.outer-court.com/archive/2007-01-16-n24.html
Navigation
[0] Message Index
Go to full version