lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <c7b40f9d0804181513l520ed861v5fb1813f27bb9c70@mail.gmail.com>
Date: Sat, 19 Apr 2008 04:13:55 +0600
From: "Alexander Konovalenko" <alexkon@...il.com>
To: "Google Security" <security@...gle.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
	Bugtraq <bugtraq@...urityfocus.com>
Subject: Injecting spam into Google Web History via I'm
	Feeling Lucky queries

Google Web History is vulnerable to a CSRF-like attack that allows an
attacker to inject some entries into the user's search history. If you
are logged in to your Google account and have Web History enabled,
clicking on a malicious link will result in a Google search being
logged to your search history without your consent.

The malicious link can look something like this: <a
href="http://www.google.com/search?q=ENLARGE+YOUR+WHATEVER+NOW+uniquePageId+site:example.com&amp;btnI=I'm+Feeling+Lucky">
compelling vista exploits, free beer and cat pictures</a>

It will perform an I'm Feeling Lucky search on your behalf that will
immediately redirect you to a specific example.com page prepared by
the attacker in advance. For the attack to work, the page should be
indexed by Google and should match the query keywords ("enlarge",
"your" and so on). To ensure that the link always leads to a specific
page, the attacker can include the same unique word ("uniquePageId")
in the text of the destination page and in the search query. Besides
these requirements, the destination page can have any content.

To spam you with numerous Web History entries the attacker needs to
vary the search queries embedded into his links.

References

* Google Web History <https://www.google.com/history/>
* About I'm Feeling Lucky <http://www.google.com/help/features.html#lucky>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ