hack3core
Posted November 23, 2013 (edited)

A security researcher named Oren Hafif [hidden content] a [hidden content] in the Gmail accounts that could allow an attacker to hijack any email account. This is a type of password reset vulnerability; in the hacking process the attacker has to send an email that looks like an email from an official Google account. It's a simple spear-phishing attack that leverages a number of flaws, i.e. cross-site request forgery (CSRF), cross-site scripting (XSS), and a flow bypass.

Upon clicking the link, it redirects users to a page that is linked to https.google.com, but in reality it leads the victim to the attacker's website because of a CSRF attack with a customized email address. On that page you have to enter the last password you remember and a new password.

After completing the information-collecting process, the attacker has received the new password that you set for your account and the cookie information of your account.

Edited November 23, 2013 by Versus71