Bullseye on Google: Hackers expose holes in GMail, Blogspot, Search Appliance

Original post, 2007-09-27 02:57:00


From ZDNet

Google’s security model is not holding up very well to scrutiny from hackers.

In the past few days, there have been multiple disclosures of security vulnerabilities in a wide range of Google products, including a persistent e-mail theft issue affecting the widely used GMail service.

The unpatched GMail bug, which was demonstrated for me by hacker Petko D. Petkov, is particularly nasty because of the way the exploit works without any user action and the fact that it’s difficult for the average GMail user to know that e-mails are being stolen.

The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.

The attack technique is known as cross-site request forgery (CSRF) and has haunted Google in the past. Earlier this year, the company was forced to correct a similar flaw after details leaked out on an issue that put GMail contact lists at risk.
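Because an injected filter keeps forwarding mail after the CSRF flaw itself is fixed, cleanup has to include a review of each account's existing filters. The sketch below is an added example, not code from the article, the researcher or Google; the filter structure, field names and addresses are constructed for illustration and do not reflect a real GMail export format.

```python
from email.utils import parseaddr

# Constructed sample: a simplified export of one mailbox's filter list.
# Field names are assumptions for this example, not a real GMail format.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "billing@example.com"},
     "actions": {"label": "Invoices"}},
    {"id": "f2", "criteria": {"has_attachment": True},
     "actions": {"forward_to": "Collector@Attacker.Example"}},
    {"id": "f3", "criteria": {"subject": "timesheet"},
     "actions": {"forward_to": "me@corp.example"}},
    {"id": "f4", "criteria": {},
     "actions": {"forward_to": "not an address"}},
]

# Criteria that narrow a filter to specific mail; a rule with none of these
# matches broad classes of messages (for example, everything with an attachment).
NARROWING_KEYS = {"from", "to", "subject", "has_words"}


def audit_filters(filters, approved_addresses=(), trusted_domains=()):
    """Return findings for filters that forward mail to unapproved destinations."""
    approved = {a.lower() for a in approved_addresses}
    domains = {d.lower() for d in trusted_domains}
    findings = []
    for f in filters:
        target = f.get("actions", {}).get("forward_to")
        if not target:
            continue  # labelling/archiving rules do not move mail off the account
        addr = parseaddr(target)[1].lower()
        local, _, domain = addr.rpartition("@")
        if not local or not domain:
            findings.append({"id": f["id"], "severity": "high",
                             "reason": "unparseable forwarding address"})
            continue
        if addr in approved or domain in domains:
            continue  # destination the account owner has explicitly approved
        broad = not (NARROWING_KEYS & set(f.get("criteria", {})))
        findings.append({
            "id": f["id"],
            "severity": "high" if broad else "medium",
            "reason": f"forwards to unapproved address {addr}",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_filters(SAMPLE_FILTERS, trusted_domains=["corp.example"]):
        print(finding)
```

Any finding should be confirmed with the account owner before the filter is deleted, since the rule itself is the only evidence of where mail was sent.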

Google Search Appliance users at risk:

Separately, a Romanian security researcher has published details of a cross-site scripting bug affecting users of the enterprise-facing Google Search Appliance.

Mustlive, the hacker behind the Month of Search Engine Bugs project, published a proof-of-concept and a Google dork to demo the attack — and expose businesses using the search appliance.

Google (Blogspot) Polls vulnerability

A third issue has been disclosed at Beford.org to show how a cross-site scripting bug in Google’s Blogspot Polls could allow the hijacking of sensitive information.

The ‘font’ parameter was not being sanitized before being used inside an STYLE tag, so you could inject IE’s expression() and Mozilla’s -moz-binding.

Several proof-of-concepts — this one hijacks your Google contacts, this one intercepts incoming GMail — are publicly available. (IMPORTANT NOTE: clicking on those links while logged into Google Accounts might not be such a good idea).

An exploit against Picasa

Google’s Picasa photo-sharing software and Web service is also vulnerable to an exploit scenario that uses a combination of cross-site scripting, cross-application request forgery and URI handler weakness to steal photographs from the victim’s hard drive.

Technical details of the Picasa issue have been released by Billy Rios and Nate McFeters.

Finally, there’s a cross-site scripting bug in Google’s Urchin Analytics service that can be exploited to steal user credentials. An explanation of this vulnerability has been published by Adrian Pastor.
