Google Blogoscoped

Forum

Google Docs Cookie Hijacking

Ionut Alex. Chitu [PersonRank 10]

Tuesday, May 12, 2009
15 years ago2,673 views

"This attack can be used to hijack Gmail/ Google doc cookies efficiently if certain conditions are met. The Google
docs are an integrated service provided by Google for online viewing the document. A user logged in to Gmail will
have the same cookie used for if any document. The interdependency can be exploited through this attack vector."

http://secniche.org/gmd_hijack/gc_hijack.xhtml

The issues were solved by Google in 5 days.

Juha-Matti Laurio [PersonRank 10]

15 years ago #

It is nice to notice that this cookie issue and this recent issue
http://blogoscoped.com/forum/154518.html

were reported to Google in responsible way.

/pd [PersonRank 10]

15 years ago #

Juha, but that has been fixed too.. Google Security Team propgated the fix on 05/07..!

Forum home

>> More posts

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!