Main Area and Open Discussion > Living Room

Another Google Hole Uncovered

(1/1)

KenR:
Vulnerabilties identified in Google software!

Hard to believe but true: there’s another vulnerability currently live on Google’s servers, allowing a malicious hacker to point you to a (long) Google.com URL... and then receive your cookie data, with which the hacker can access and modify your Google docs and spreadsheets, and view your email subjects & first words, your search history (if enabled) and much more... similar to the previous vulnerability.

I was able to reproduce the cross-site scripting problem here on Firefox 2, latest stable, and all it took for me was to write a 3-line PHP script, upload it to my server, and adjust the Google URL in question. Then I tested this using two different computers, with different IPs, and was able to steal the cookie and login to Google...

--- End quote ---


http://blog.outer-court.com/archive/2007-01-16-n24.html

Navigation

[0] Message Index