Full Disclosure mailing list archives
Re: Google Buzz and blind CSRF attacks
From: Cody Robertson <cody () hawkhost com>
Date: Fri, 12 Feb 2010 10:08:08 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/12/10 3:37 AM, Kristian Erik Hermansen wrote:
Greetings, Google Buzz is an incredibly useful new social networking service. However, it is also quite vulnerable to persistent CSRF attacks when data is pulled from external data feeds. For instance, I encourage you to follow me me on Google Buzz by utilizing my profile below and clicking "FOLLOW". You can probably also search for me in Google Buzz's interface within GMail as well. http://www.google.com/profiles/kristian.hermansen http://kristian-hermansen.blogspot.com/2010/02/google-buzz-csrf-test.html My proof-of-concept merely executes a denial of service against Google Buzz users for which the only recovery is to disable IMG tag loading, reload Google Buzz, and either "mute" the posting or unfollow me permanently. This is non-intrusive PoC to demonstrate weaknesses and the ever-increasing need to protect against CSRF attacks. I hope you enjoy the demonstration. Cheers,
Doesn't work for me -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt1btgACgkQAr2PPaFwRuqU9gCfcYu8WjlZIhkVcM9RWkiX8UYP nnAAnj1z7kEsIW5ii71dKzCK+LB79D3Y =0x85 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google Buzz and blind CSRF attacks Kristian Erik Hermansen (Feb 12)
- Re: Google Buzz and blind CSRF attacks Cody Robertson (Feb 12)
- Re: Google Buzz and blind CSRF attacks Kristian Erik Hermansen (Feb 12)
- Re: Google Buzz and blind CSRF attacks Fabien VINCENT (Feb 15)
- Re: Google Buzz and blind CSRF attacks Kristian Erik Hermansen (Feb 12)
- Re: Google Buzz and blind CSRF attacks Cody Robertson (Feb 12)