RSS Feed for This Post

Serious cross-site request forgery vulnerability found in Gmail

Category internet, Tips & Tricks, hitnews | Permalink | 29. September 2007

« Ubuntu New music player - Exaile | Youtube Video Wooden Mirror by DANIEL ROZIN »

Source : arstechnica.com

Security researcher Petko Petkov has revealed a cross-site request forgery vulnerability in Gmail that makes it possible for a malicious web site to surreptitiously add a filter to a user’s Gmail account that forwards e-mail to a third-party address. Petkov’s proof-of-concept exploit for this vulnerability, which has been independently verified but not publicly released, uses a multipart/form-data POST to send instructions to Gmail’s internal API. The vulnerability can only be exploited when the user is currently logged in to the Gmail service.

This is the second major Google security vulnerability to be revealed this week. On Monday, security researcher Fernando Bedford provided a proof-of-concept exploit for a Google cross-site scripting vulnerability in Google’s Blogspot polls API that facilitated e-mail hijacking and address book sniffing. That vulnerability was fixed by Google shortly after it was reported, but it is presently unclear whether or not the vulnerability discovered by Petkov has been fixed yet.

Source and More : arstechnica.com
,

310 Read

Related Posts



Trackback URL

Sociable

TAG

Share Enjoy:
, , , , , , ,
Share and Enjoy: Digg del.icio.us Netvouz DZone ThisNext MisterWong Wists blinkbits BlinkList blogmarks BlogMemes Bumpzee co.mments connotea Furl Ma.gnolia MisterWong.de Reddit Scoopeo Slashdot SphereIt Spurl StumbleUpon YahooMyWeb BlogMemes Cn BlogMemes Fr BlogMemes Jp BlogMemes Sp blogtercimlap Blue Dot Book.mark.hu De.lirio.us DotNetKicks Fark feedmelinks Fleck Gwar Haohao Hemidemi IndiaGram IndianPad Internetmedia kick.ie LinkaGoGo Linkter MyShare Netscape NewsVine PlugIM PopCurrent ppnow RawSugar Rec6 scuttle Shadows Simpy Smarking Taggly TailRank Technorati Webride Wykop