Google Cross Domain Bug Proof of Concept

by Sandeep on October 11, 2008

google chrome Google Cross Domain Bug Proof of ConceptGoogle’s Gmail service suffers from security flaws that make it trivial for attackers to create authentic-looking spoof pages that steal users’ login credentials, a security expert has demonstrated. Google Calendar and other sensitive Google services are susceptible to similar tampering.

A proof-of-concept (PoC) attack, published by Adrian Pastor of the GNUCitizen ethical hacking collective, exploits a weakness in the google.com domain that allows him to inject third-party content into Google pages. The result is this page, which allowed him (at time of writing, anyway) to display a fraudulent Gmail login page that displayed mail.google.com in the browser’s address bar.

Download Mozilla Firefox now!

We'll send more interesting posts like Google Cross Domain Bug Proof of Concept to you!
Enter your Email Address:
Join us on Facebook.

You might also like:

Article by Sai Sandeep Thota

You can read more about me here. You can follow him on: Facebook | Twitter | Google +. If you like this post, you can follow us on Twitter. Subscribe to GadgetCage Feeds via RSS or Email to get instant updates.

Sai Sandeep has written 370 awesome articles for us.

  HostGator
    

Leave a Comment

Previous post:

Next post: