topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Saturday December 14, 2024, 1:42 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Another Google Hole Uncovered  (Read 4571 times)

KenR

  • Super
  • Blogger
  • Joined in 2006
  • ***
  • Posts: 826
    • View Profile
    • Donate to Member
Another Google Hole Uncovered
« on: January 15, 2007, 11:01 PM »
Vulnerabilties identified in Google software!

Hard to believe but true: there’s another vulnerability currently live on Google’s servers, allowing a malicious hacker to point you to a (long) Google.com URL... and then receive your cookie data, with which the hacker can access and modify your Google docs and spreadsheets, and view your email subjects & first words, your search history (if enabled) and much more... similar to the previous vulnerability.

I was able to reproduce the cross-site scripting problem here on Firefox 2, latest stable, and all it took for me was to write a 3-line PHP script, upload it to my server, and adjust the Google URL in question. Then I tested this using two different computers, with different IPs, and was able to steal the cookie and login to Google...

Kenneth P. Reeder, Ph.D.
Clinical Psychologist
Jacksonville, North Carolina  28546
« Last Edit: January 15, 2007, 11:03 PM by KenR »