April 15th, 2008, 08:03 PM
Cookie Monster: Google Spreadsheets
Sick of all the XSS posts? Too bad, cause here comes another
This time, the victim is Google Spreadsheats, which can eat your cookies and impersonate you (on Google anyway).
Google XSS - Billy (BK) Rios
Screenshots, too, so it did happen (unless Photoshop was involved).
Now, normally when I find an XSS vulnerability on a popular domain I just report it to the appropriate security team and move on, but this one is interesting…
By taking advantage of the content-type returned by spreadsheets.google.com (and a caching flaw on the part of Google), I was able to pull off a full blown XSS against the google.com domain. For those of you who don’t understand what this means, allow me to elaborate. When Google sets their cookie, it is valid for all of their sub domains. So, when you log into gmail (mail.google.com), your gmail cookie is actually valid for code.google.com, docs.google.com, spreadsheets.google.com…and so on. If someone (like me) finds an XSS vulnerability in any one of these sub domains, I’ll be able to hijack your session and access any google service as if I were you.
[via heise Security UK]
By Egaladeist in forum General Computer Discussions
Last Post: October 28th, 2005, 04:49 AM
By ch4r in forum Other Tutorials Forum
Last Post: January 21st, 2005, 01:53 PM
By 3rr0r in forum The Security Tutorials Forum
Last Post: December 1st, 2004, 05:31 AM
By MrLinus in forum Web Security
Last Post: August 7th, 2004, 04:13 PM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 08:38 AM