AOH :: HP Unsorted G :: VA3430.HTM

Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing



Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing
Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing




Hi

Google docs network was vulnerable to PDF repurposing attacks. The
vulnerability was disclosed to Google with a discretion.
This was done to mitigate the risk . Google had worked over it and
patched it with in a period of 5 days. The Google doc has
been refined now and the integrated support for adobe plugin is removed.
The user security was the prime issue because millions
of user were at risk if this attack persisted in the open environment.
Integrated accounts were more susceptible as certain
stolen credentials could be used to access  accounts.

The advisory is released here:
http://secniche.org/gmd_hijack/gc_hijack.xhtml 
http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf 


Regards
Aditya KS
http://www.secniche.org 





The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.