
Hard to believe but true: there’s another vulnerability currently live on Google’s servers, allowing a malicious hacker to point you to a (long) Google.com URL and then receive your cookie data, with which the hacker can access and modify your Google docs and spreadsheets, and view your email subjects & first words, your search history (if enabled) and much more, similar to the previous vulnerability.
I was able to reproduce the cross-site scripting problem here on Firefox 2, latest stable, and all it took for me was to write a 3-line PHP script, upload it to my server, and adjust the Google URL in question.
Then I tested this using two different computers, with different IPs, and was able to steal the cookie and log in to Google.
(On computer 1, I was logged into my Google Account, and computer 2 had removed all cookies and was thus logged out of Google.
After computer 1 accessed the “prepared” Google.com URL, computer 2 received the cookies via email.
After reproducing the cookies using the Firefox web developer extension, computer 2 was now logged in to Google with computer 1’s “borrowed” credentials.)
More @ source.
full story @ source-link: ace