Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Google Buzz and blind CSRF attacks
From: Kristian Erik Hermansen <kristian.hermansen () gmail com>
Date: Fri, 12 Feb 2010 00:37:18 -0800

Greetings,

Google Buzz is an incredibly useful new social networking service.
However, it is also quite vulnerable to persistent CSRF attacks when
data is pulled from external data feeds.  For instance, I encourage
you to follow me me on Google Buzz by utilizing my profile below and
clicking "FOLLOW".  You can probably also search for me in Google
Buzz's interface within GMail as well.

http://www.google.com/profiles/kristian.hermansen
http://kristian-hermansen.blogspot.com/2010/02/google-buzz-csrf-test.html

My proof-of-concept merely executes a denial of service against Google
Buzz users for which the only recovery is to disable IMG tag loading,
reload Google Buzz, and either "mute" the posting or unfollow me
permanently.  This is non-intrusive PoC to demonstrate weaknesses and
the ever-increasing need to protect against CSRF attacks.  I hope you
enjoy the demonstration.

Cheers,
-- 
Kristian Erik Hermansen
http://www.linkedin.com/in/kristianhermansen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault