Tony Ruscoe exposed another Google security bug! This was used for session hijacking!
Tony’s not a malicious hacker of course (in fact, the first thing he did was inform Google Security!), but he found a loophole in a new feature Google rolled out recently. Using a proof of concept script targeting this loophole (which I can detail once it’s fixed), all Tony needed to do was make a user who’s logged into their Google Account visit a page of his, which happened to be on a trustworthy google.com sub-domain. I visited Tony’s page, which sent my Google cookies to Tony.
Well, what could Tony do with these cookies? Here is an (incomplete) list…
- Get into my Google Docs & Spreadsheets application and read and modify documents I saved there
- Read subjects from my Gmail inbox, as well as the first few words of these emails, by adding a Gmail module to the Google Personalized Homepage
- View my Google Accounts page
- Enter my Google Reader
- Read my private Google Notebook
- View my complete Google search history (for as long as I had the search history feature enabled in Google)
As Tony phrased it on his proof of concept page, “Think yourself lucky that I wasn’t that evil!”
Well, Tony was not evil, and that’s for sure. The bug is also fixed now, without having caused any damage!