Guys,
I am a guy who is always in love with Google , and really respect them for their business policies and new ideas. But, for the case of google wave and Google Buzz, I somewhat disliked it – because there are other player, and google becoming more aggressive to poke their nose on every single market.
After google buzz published , I came to know from my colleague – Aloke Majumder – and tried to use it. But found, it is something which I really don’t like in my Inbox, one of my gurus and a real close friend Indranil Dasgupta shared same view like me.
And, you know, – after searching over the net and checking google buzz – what I found ? Google Buzz is vulnerable to Cross-Site Request Forgery (CSRF/XSRF) attacks. I uploaded a PoC
Please login to your gmail account, and then click on following URL.
http://www.krishnendu.com/google/index.html
After checking the URL , goto your gmail account and click on Buzz link. You will find that you are logged out from google account !!!!! Voila….
Surely google will fix this issue asap.
Related posts:
$50 Google Adwords Credit FREEAnother Search Engine by Google ? SearchMash.comTags: Google, Indranil Dasgupta, playerThis entry was posted on February 13, 2010, 5:11 am and is filed under Security. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.View the original article here
No comments:
Post a Comment