Google Cross Domain Bug Proof of Concept

Saturday, October 11, 2008 | by Sandeep

Google's Gmail service suffers from security flaws that make it trivial for attackers to create authentic-looking spoof pages that steal users' login credentials, a security expert has demonstrated. Google Calendar and other sensitive Google services are susceptible to similar tampering.

A proof-of-concept (PoC) attack, published by Adrian Pastor of the GNUCitizen ethical hacking collective, exploits a weakness in the google.com domain that allows him to inject third-party content into Google pages. The result is a page that allowed him (at time of writing, anyway) to display a fraudulent Gmail login page while the browser's address bar showed mail.google.com.

