Google GMail Vulnerability - Cross Site Request Forgery
Petko D. Petkov at GNUCitizen posts on a cross site request forgery describing how a GMail account can be infected with a persistent backdoor. The hack uses GMail filters to forward emails (or presumably anything else one can think of to do with a filter) and is set in place after visiting a Web site hosting the attack.
Here is the sequence of steps in the attack:
The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forward them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.
According to The Register:
A Google spokesman said company bug hunters were looking into the report.Petkov's discovery is just the latest way people can be burned when entrusting their personal data to Google. Yesterday, various researchers showed how a vulnerability in the Google search appliance, which the company sells to webmasters, can be used to inject code and overwrite content on the pages of third-party sites. Another flaw made it possible to steal photos designated as private on the Picasa application.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
