Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Injecting spam into Google Web History via I'm Feeling

from [Alexander Konovalenko] Network Security [Permanent Link]
Subject: [Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries
Date: Sat, 19 Apr 2008 04:13:55 +0600 
Google Web History is vulnerable to a CSRF-like attack that allows an
attacker to inject some entries into the user's search history. If you
are logged in to your Google account and have Web History enabled,
clicking on a malicious link will result in a Google search being
logged to your search history without your consent.

The malicious link can look something like this: <a
href="http://www.google.com/search?q=ENLARGE+YOUR+WHATEVER+NOW+uniquePageId+site:example.com&amp;btnI=I'm+Feeling+Lucky">
compelling vista exploits, free beer and cat pictures</a>

It will perform an I'm Feeling Lucky search on your behalf that will
immediately redirect you to a specific example.com page prepared by
the attacker in advance. For the attack to work, the page should be
indexed by Google and should match the query keywords ("enlarge",
"your" and so on). To ensure that the link always leads to a specific
page, the attacker can include the same unique word ("uniquePageId")
in the text of the destination page and in the search query. Besides
these requirements, the destination page can have any content.

To spam you with numerous Web History entries the attacker needs to
vary the search queries embedded into his links.

References

* Google Web History <https://www.google.com/history/>
* About I'm Feeling Lucky <http://www.google.com/help/features.html#lucky>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Wikepage Wiki v.2007-2 Cross-Site Scripting, darkz . gsa
Next by Date:  [Full-disclosure] [ GLSA 200804-23 ] CUPS: Integer overflow vulnerability, Matthias Geerdsen
Previous by Thread:  Wikepage Wiki v.2007-2 Cross-Site Scripting, darkz . gsa
Next by Thread:  Re: [Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries, Nick FitzGerald
Indexes:  [Date] [Thread] [Top] [All Lists]