[Owasp-brazilian] CSRF vulnerability in GMail service

Fernando Cima fcima at microsoft.com
Tue Mar 3 12:00:34 EST 2009


Hi Rodrigo,

I read the advisory but did not understand what the vulnerability is. As I understood it, the password change requires the request to supply the old password; that being so, how would it be possible to exploit the session cookie to change the user's password?

From: owasp-brazilian-bounces at lists.owasp.org [mailto:owasp-brazilian-bounces at lists.owasp.org] On Behalf Of Rodrigo Montoro(Sp0oKeR)
Sent: Tuesday, March 03, 2009 8:07 AM
To: owasp-brazilian at lists.owasp.org
Subject: [Owasp-brazilian] CSRF vulnerability in GMail service

This is something I did not expect to see at Google =)

English: http://community.nstalker.com/csrf-vulnerability-in-gmail-service
pt_BR: http://community.nstalker.com/csrf-vulnerability-in-gmail-service-pt_br

Be careful where you click =D

Happy Hacking!

--
===========================
Rodrigo Montoro (Sp0oKeR)
http://www.spooker.com.br
http://www.snort.org.br
http://www.linkedin.com/in/spooker
===========================