[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] CSRF hole Google adsense

From: "Jeff Robertson" <jeff.robertson@xxxxxxxxx>
Subject: Re: [WEB SECURITY] CSRF hole Google adsense
Date: Thu, 27 Sep 2007 12:25:48 -0400

On 9/27/07, gaz_sec@xxxxxxxxxxxx <gaz_sec@xxxxxxxxxxxx> wrote:
> Hi all
>
> I've found a CSRF hole in Google adsense which allows any attacker
> to change the address details on your adsense account.
>
> http://www.thespanner.co.uk/2007/09/27/google-adsense-csrf-hole/
>
> I can't release the official poc because Google hasn't fixed it yet
> but you can find it if you know were to look ;)

Why tell us about it at all, if you can't tell us everything?

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

References:
- [WEB SECURITY] CSRF hole Google adsense
  - From: gaz_sec

Prev by Date: [WEB SECURITY] CSRF hole Google adsense
Next by Date: [WEB SECURITY] Openid security css overlays
Previous by thread: [WEB SECURITY] CSRF hole Google adsense
Next by thread: [WEB SECURITY] Openid security css overlays
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site