[Owasp-brazilian] CSRF vulnerability in GMail service

Fernando Cima fcima at microsoft.com
Tue Mar 3 12:03:04 EST 2009


The attacker can do the brute force ("The password cracking is executed transparently to the victim") by going directly to the Gmail page; there is no need for CSRF for that...

Regards,

- Fernando Cima

From: owasp-brazilian-bounces at lists.owasp.org [mailto:owasp-brazilian-bounces at lists.owasp.org] On Behalf Of Thiago Lechuga
Sent: Tuesday, March 03, 2009 8:58 AM
To: Rodrigo Montoro(Sp0oKeR)
Cc: owasp-brazilian at lists.owasp.org
Subject: Re: [Owasp-brazilian] CSRF vulnerability in GMail service

OK... but you still have to know the person's current password... or run a brute force, is that it?
It's not such a big deal. When I read the thing I thought it was a flaw of the "Go here and lose your e-mail" kind.

Regards,

Thiago Alvarenga Lechuga
(19)9153-3822

Personal page:
http://thiagoalz.googlepages.com/home
http://segurancawebbr.blogspot.com/

===Knowledge is only useful if you can share it.===

2009/3/3 Rodrigo Montoro(Sp0oKeR) <spooker at gmail.com>
This is something I didn't expect to find in Google =)

English: http://community.nstalker.com/csrf-vulnerability-in-gmail-service
pt_BR: http://community.nstalker.com/csrf-vulnerability-in-gmail-service-pt_br

Be careful where you click =D

Happy Hacking!

--
===========================
Rodrigo Montoro (Sp0oKeR)
http://www.spooker.com.br
http://www.snort.org.br
http://www.linkedin.com/in/spooker
===========================
