Re: Google / GMail bug, all accounts vulnerable

[Peter Besenbruch <prb () lava net>]

On Wednesday 12 December 2007 11:27:28 Steven Adair wrote:
> Glad to see we figured it out. :)  Yes, "Cross Site Request Forgery" would
> be the correct term referenced by the acronym in all of the replies
> (subsequently also the first result in a normal Google query).

And there you have it: I can use Google and Wikipedia. ;)

> I'm still 
> not quite sure what the big deal on the favicon stuff in terms of this
> issue.  So lets say you completely disabled favicons altogether.  Now when
> you visit the original PoC - it no longer works.  However, if you simply
> had a 302 or mod_rewrite rule for any image that you actually had written
> into the source of your page, you could achieve the same result.

You are probably asking the wrong guy, but one of the comments made earlier in 
this thread claimed that the favicon method bypasses Noscript protections. 
Aside from XSS blocking, Noscript would eliminate IFRAMEs and most 
Javascript. Would your technique bypass it?

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/