Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable

From: coderman <coderman_at_nospam>
Date: Wed Dec 12 2007 - 18:21:06 GMT
To: steven@securityzone.org

On Dec 12, 2007 10:05 AM, Steven Adair <steven@securityzone.org> wrote:
> ...
> I guess I am not understanding why this is considered to be a big CSRF
> issue.

big is relative. i call it funny colored medium to small medium...

> ... You cannot send/delete e-mail or take
> any real actions can you?

let us ponder this:

CSRF icon in your bookmarks to lure you.

XSS in google spreadsheet, chat, $service.

they meet fortuitously in a black hat tryst and your browser is a sock puppet (to goog) all the live long day...

to beat this dead horse one more time:
- the favicon behavior introduces some useful / interesting vectors not previously discussed
- the ability of CSRF is much less interesting than application of CSRF. maybe much ado about nothing, maybe materia to junction in the chamber of your sploit cannon...???

> Let's keep in
> mind that these redirects keep the HTTP referer field in tact.

not always, see http/https transitions and browser specific 301/302 fast redirect behavior...

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Fredrick Diggle: "Re: [Full-disclosure] on xss and its technical merit"
Previous message: coderman: "Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable"
In reply to: Steven Adair: "Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable"
Next in thread: Peter Besenbruch: "Re: [Full-disclosure] Google / GMail bug, all accounts vulnerable"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]