jumpfere.blogg.se

Report gmail hack to google









As you say, they are few and most of us won't notice when they succeed. What I am more concerned about are those with equal or greater talents than the public researchers that are tipped off as to where to look. I'm not too interested in the script kiddie effect. It makes use of a CSRF redirection utility to simplify the ix The actual exploit can be launched from here. UPDATE 8: I promised to release the POC as soon as Google fixes the vulnerability. It does work and it is nasty if you ask me.


The exploit was verified by Ryan Naraine and several close friends. I am not planning to release the details of this vulnerability for now. Just look it up on this blog or with your favourite search engine. I am not planning to go into details on how it works. The technique used in this example is known as cross-site request forgery, or simply CSRF.


In the example above, the attacker writes a filter which simply looks for emails with attachments and forwards them to an email address of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.
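Because the injected filter outlives the fix, the durable check is an audit of the filter list itself. The following is an added example, not code from the original post: it flags forwarding filters in data shaped like a Gmail API `users.settings.filters.list` response. The sample filters, addresses, and the trusted-domain set are constructed for illustration, and the check for filters that hide the original message goes beyond the single case described above.

```python
# Added example: audit mailbox filters for forwarding rules.
# Input follows the shape of a Gmail API users.settings.filters.list response.

# Constructed sample data (not taken from the page).
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "billing@example.com"},
     "action": {"addLabelIds": ["Label_1"]}},
    {"id": "f2", "criteria": {"hasAttachment": True},
     "action": {"forward": "collector@attacker.example"}},
    {"id": "f3", "criteria": {"from": "boss@example.com"},
     "action": {"forward": "me@example.com"}},
]


def forwarding_findings(filters, trusted_domains=frozenset()):
    """Return one finding per forwarding filter, most suspicious first."""
    findings = []
    for f in filters:
        action = f.get("action") or {}
        target = action.get("forward")
        if not target:
            continue  # labels or archives only; nothing leaves the mailbox
        criteria = f.get("criteria") or {}
        reasons = []
        if target.rsplit("@", 1)[-1].lower() not in trusted_domains:
            reasons.append("forwards to untrusted domain")
        if criteria.get("hasAttachment"):
            reasons.append("matches on attachments")
        if not any(criteria.get(k) for k in ("from", "to", "subject", "query")):
            reasons.append("no sender/recipient/subject/query restriction")
        if ("INBOX" in (action.get("removeLabelIds") or [])
                or "TRASH" in (action.get("addLabelIds") or [])):
            reasons.append("hides the original message")
        findings.append({"id": f.get("id"), "forward": target,
                         "score": len(reasons), "reasons": reasons})
    return sorted(findings, key=lambda x: x["score"], reverse=True)


if __name__ == "__main__":
    for item in forwarding_findings(SAMPLE_FILTERS, {"example.com"}):
        print(item["score"], item["id"], item["forward"], item["reasons"])
```

Every forwarding filter is listed so the mailbox owner can confirm each one; the score only orders the review.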


The victim visits a malicious page while being logged into GMail. The page then performs a multipart/form-data POST to one of the GMail alternative interfaces and injects a filter into the victim's filter list.









