[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Dec 2007 10:21:06 -0800
From: coderman <coderman@...il.com>
To: steven@...urityzone.org
Cc: Kristian Erik Hermansen <kristian.hermansen@...il.com>,
full-disclosure@...ts.grok.org.uk
Subject: Re: Google / GMail bug, all accounts vulnerable
On Dec 12, 2007 10:05 AM, Steven Adair <steven@...urityzone.org> wrote:
> ...
> I guess I am not understanding why this is considered to be a big CSRF
> issue.
big is relative. i call it funny colored medium to small medium...
> ... You cannot send/delete e-mail or take
> any real actions can you?
let us ponder this:
CSRF icon in your bookmarks to lure you.
XSS in google spreadsheet, chat, $service.
they meet fortuitously in a black hat tryst and your browser is a sock
puppet (to goog) all the live long day...
to beat this dead horse one more time:
- the favicon behavior introduces some useful / interesting vectors
not previously discussed
- the ability of CSRF is much less interesting than application of
CSRF. maybe much ado about nothing, maybe materia to junction in the
chamber of your sploit cannon...???
> Let's keep in
> mind that these redirects keep the HTTP referer field in tact.
not always, see http/https transitions and browser specific 301/302
fast redirect behavior...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists