Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable
- From: Joseph Hick <leet16y@xxxxxxxxx>
- Date: Fri, 7 Dec 2007 21:41:56 -0800 (PST)
Could someone please explain how this PoC works? I wonder why simply loading an image logs me out.
Kristian Erik Hermansen <kristian.hermansen@xxxxxxxxx> wrote:
> On Dec 7, 2007 7:40 AM, Aaron Katz wrote:
>> Could you please explain the vulnerability? When I test, and I submit
>> a correct response to the CAPTCHA, I'm presented with knowledge based
>> authentication.
>
> The bug, unless Google fixed it already, will have an effect on your
> GMail account, but has nothing to do with CAPTCHAs. Here is an
> illustration...
> * You are happily browsing some emails in GMail.
> * You then visit any website which utilizes my PoC. (one @
> http://www.kristian-hermansen.com)
> * You try to use your GMail account, but something went wrong.
> * You ask yourself what happened...
> --
> Kristian Erik Hermansen
> "I have no special talent. I am only passionately curious."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/