Google Blogoscoped

Forum

Google Docs Cookie Hijacking

Ionut Alex. Chitu [PersonRank 10]

Tuesday, May 12, 2009
11 years ago2,255 views

"This attack can be used to hijack Gmail/ Google doc cookies efficiently if certain conditions are met. The Google
docs are an integrated service provided by Google for online viewing the document. A user logged in to Gmail will
have the same cookie used for if any document. The interdependency can be exploited through this attack vector."

secniche.org/gmd_hijack/gc_hij ...

The issues were solved by Google in 5 days.

Juha-Matti Laurio [PersonRank 10]

11 years ago #

It is nice to notice that this cookie issue and this recent issue
blogoscoped.com/forum/154518.h ...

were reported to Google in responsible way.

/pd [PersonRank 10]

11 years ago #

Juha, but that has been fixed too.. Google Security Team propgated the fix on 05/07..!

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!