Google Open to Frame Injection Attack

Posted in Google Verse, Security, Web 2.0 by wayne.porter on October 11th, 2008

Reports have it that Google is vulnerable to a frame injection attack that could be used to phish login credentials from Google users. The vulnerability can also open an attack vector through applications other than Gmail.

Any application on Google's roster of canonical domains (maps.google.com, images.google.com, news.google.com, mail.google.com, and google.com) is potentially vulnerable. The attacker can carry out the phish without needing to bypass XSS/HTML filters or even break into a targeted Google server, which makes it even more dangerous.

Frame Injection Proof of Concept Code

Blog entry by Aviv, the security researcher who discovered the vulnerability:
