| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Dec 2007 10:21:06 -0800 From: coderman <coderman@...il.com> To: steven@...urityzone.org Cc: Kristian Erik Hermansen <kristian.hermansen@...il.com>, full-disclosure@...ts.grok.org.uk Subject: Re: Google / GMail bug, all accounts vulnerable On Dec 12, 2007 10:05 AM, Steven Adair <steven@...urityzone.org> wrote: > ... > I guess I am not understanding why this is considered to be a big CSRF > issue. big is relative. i call it funny colored medium to small medium... > ... You cannot send/delete e-mail or take > any real actions can you? let us ponder this: CSRF icon in your bookmarks to lure you. XSS in google spreadsheet, chat, $service. they meet fortuitously in a black hat tryst and your browser is a sock puppet (to goog) all the live long day... to beat this dead horse one more time: - the favicon behavior introduces some useful / interesting vectors not previously discussed - the ability of CSRF is much less interesting than application of CSRF. maybe much ado about nothing, maybe materia to junction in the chamber of your sploit cannon...??? > Let's keep in > mind that these redirects keep the HTTP referer field in tact. not always, see http/https transitions and browser specific 301/302 fast redirect behavior... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists