[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] CSRF hole Google adsense

From: <gaz_sec@xxxxxxxxxxxx>
Subject: [WEB SECURITY] CSRF hole Google adsense
Date: Thu, 27 Sep 2007 13:07:30 +0100

Hi all

I've found a CSRF hole in Google adsense which allows any attacker 
to change the address details on your adsense account.

http://www.thespanner.co.uk/2007/09/27/google-adsense-csrf-hole/

I can't release the official poc because Google hasn't fixed it yet 
but you can find it if you know were to look ;)

Cheers

Gareth

--
Click to become a master chef, own a restaurant and make millions.
http://tagline.hushmail.com/fc/Ioyw6h4eAFc3uKLCIpuVYVzm4peLs8A3j667DIZHLXdBicfLQP9fpI/


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] CSRF hole Google adsense
  - From: Jeff Robertson

Prev by Date: [WEB SECURITY] Hackvertor
Next by Date: Re: [WEB SECURITY] CSRF hole Google adsense
Previous by thread: [WEB SECURITY] Hackvertor
Next by thread: Re: [WEB SECURITY] CSRF hole Google adsense
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site