Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing

2009-05-11 / 2009-05-12

Credit: Aditya K Sood

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Hi
Google docs network was vulnerable to PDF repurposing attacks. The
vulnerability was disclosed to Google with a discretion.
This was done to mitigate the risk . Google had worked over it and
patched it with in a period of 5 days. The Google doc has
been refined now and the integrated support for adobe plugin is removed.
The user security was the prime issue because millions
of user were at risk if this attack persisted in the open environment.
Integrated accounts were more susceptible as certain
stolen credentials could be used to access accounts.
The advisory is released here:
http://secniche.org/gmd_hijack/gc_hijack.xhtml
http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf
Regards
Aditya KS
http://www.secniche.org

References:

http://secniche.org/gmd_hijack/gc_hijack.xhtml

http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.