Tony Ruscoe exposed another google security bug! This was used for session hijacking!

As Philipp Lenssen Says,

Tony’s not a malicious hacker of course (in fact, the first thing he did was inform Google Security!), but he found a loophole in a new feature Google rolled out recently. Using a proof of concept script targeting this loophole “ which I can detail once it’s fixed “, all Tony needed to do was make a user who’s logged into their Google Account visit a page of his, which happened to be on a trustworthy google.com sub-domain. I visited Tony’s page, which sent my Google cookies to Tony

Well what could Tony did with these cookies??? Here is a (incomplete) list…

• Get into my Google Docs & Spreadsheets application and read and modify documents I saved there
• Read subjects from my Gmail inbox, as well as the first few words of these emails, by adding a Gmail module to the Google Personalized Homepage
• View my Google Accounts page
• Enter my Google Reader
• Read my private Google Notebook
• View my complete Google search history (for as long as I had the search history feature enabled in Google)

Tony phrased it on his proof of concept page, Think yourself lucky that I wasn’t that evil!

For details…

• Philipp Lenssens’ post about potentials of this bug
• Tony Ruscoes’ proof of concept page with all details!

Well Tony was not evil n thats for sure. The bug is also fixed now without causing any damage!

Thanks Tony!

Related posts:

• List of Google Subdomains - Treat for Google Lovers!

If you like this post, you may subscribe to my RSS feed or email alerts to receive automatic updates in future! Thanks for reading... :-)