Details of Google’s Latest Security Hole which resulted into session hijacking!

Tony Ruscoe exposed another google security bug! This was used for session hijacking!

As Philipp Lenssen Says,

Tony’s not a malicious hacker of course (in fact, the first thing he did was inform Google Security!), but he found a loophole in a new feature Google rolled out recently. Using a proof of concept script targeting this loophole “ which I can detail once it’s fixed “, all Tony needed to do was make a user who’s logged into their Google Account visit a page of his, which happened to be on a trustworthy sub-domain. I visited Tony’s page, which sent my Google cookies to Tony

Well what could Tony did with these cookies??? Here is a (incomplete) list…

  • Get into my Google Docs & Spreadsheets application and read and modify documents I saved there
  • Read subjects from my Gmail inbox, as well as the first few words of these emails, by adding a Gmail module to the Google Personalized Homepage
  • View my Google Accounts page
  • Enter my Google Reader
  • Read my private Google Notebook
  • View my complete Google search history (for as long as I had the search history feature enabled in Google)

Tony phrased it on his proof of concept page, Think yourself lucky that I wasn’t that evil!

For details…

Well Tony was not evil n thats for sure. The bug is also fixed now without causing any damage!

Thanks Tony!

Related posts: