
An Instructive Story About David Airey's Gmail Vulnerability

About a month ago a fairly well-known designer was attacked by [still] unknown script kiddies who exploited a vulnerability in Gmail, a favourite of many (myself included).
The story has already spread widely across the Web, but for anyone who missed it, it will be useful to many. I will omit unnecessary details (if you wish, you can read them in David's own account) and try to convey the essence.
The attackers used an insultingly simple hole in Gmail's security. Scripts on infected sites sent a POST request to Gmail's filter management page, and if the user had an active Gmail session (for example, an inbox open in an adjacent tab), the request executed successfully. The request consisted of adding a simple filter: Matches: transfer-approval.com, Do this: Forward to ba_marame_pooli@yahoo.com, Skip Inbox, Delete it, i.e. forwarding all incoming messages containing the string 'transfer-approval.com' to the specified address, without keeping either the letter itself or the forwarded copy in the mailbox.
This exploit is as old as the world, but I'm used to it being used to leak all the private messages from some forum, not to attack serious services like Gmail.
David got off quite lightly: they took a domain with 2k unique visitors per day and demanded $500 for its return (a week later, by the way, they lowered the price to $250, but on principle he refused to buy the domain back even for $1). Such "trivial" damage is due to quite objective reasons. Having learned from his blog that he was going on vacation, the kiddies assumed he would hardly check his filters often and requested a transfer of the domain through the hoster's helpdesk. A successful transfer requires a confirmation that arrives by e-mail, and the filter was installed for exactly that purpose. But in theory, if the user does not use filters at all, it would have been possible to divert any letters containing the word 'password', for example, for a long time.
The hole has since been patched.

The moral: even the omnipotent Google, which many already fear, can have completely childish vulnerabilities. And to all developers: take note, and don't allow this in your own work :)
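The flaw the author describes is what is now called cross-site request forgery: the browser attaches the session cookie to a POST no matter which site's page submitted it, so the cookie alone must not authorise a state change. The following is an added illustration, not code from the original post or from Gmail: a hypothetical webmail "add filter" endpoint shown twice, once relying only on the cookie (the design that was exploited) and once hardened with an Origin check and a per-session synchroniser token. The session store, the `APP_ORIGIN` value, the `Request` class and the sample requests are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical origin of the webmail application (assumed for the example).
APP_ORIGIN = "https://mail.example"


@dataclass
class Session:
    """Server-side session: the user, a CSRF token bound to this session, and the mail filters."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    filters: list[dict] = field(default_factory=list)


# In-memory session store (constructed): session id from the cookie -> Session.
SESSIONS: dict[str, Session] = {}


def login(user: str) -> str:
    """Create a session and return the cookie value the browser will store."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(user=user)
    return sid


@dataclass
class Request:
    """Minimal stand-in for an HTTP POST: cookies, headers and form fields."""
    cookies: dict
    headers: dict
    form: dict


def add_filter_vulnerable(req: Request) -> int:
    """The flawed design: a valid session cookie is the only authorisation.
    Browsers send cookies on cross-site POSTs too, so any page the victim
    visits can submit this form on their behalf."""
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if sess is None:
        return 401
    sess.filters.append({"matches": req.form["matches"], "forward_to": req.form["forward_to"]})
    return 200


def add_filter_hardened(req: Request) -> int:
    """Same cookie check, plus two defences a forged cross-site request cannot satisfy."""
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if sess is None:
        return 401
    # 1. Origin check: browsers set the Origin header on POSTs and a third-party
    #    page cannot forge it, so a request from another site is rejected here.
    if req.headers.get("Origin") != APP_ORIGIN:
        return 403
    # 2. Synchroniser token: a secret bound to the session that the app embeds in
    #    its own forms; a page on another site never sees it. Constant-time compare.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, sess.csrf_token):
        return 403
    sess.filters.append({"matches": req.form["matches"], "forward_to": req.form["forward_to"]})
    return 200


def demo() -> dict:
    """Run both handlers against a genuine and a forged request for one logged-in session."""
    sid = login("victim")
    token = SESSIONS[sid].csrf_token
    # Genuine submission from the app's own filter settings page: correct Origin, token present.
    genuine = Request(cookies={"sid": sid}, headers={"Origin": APP_ORIGIN},
                      form={"matches": "newsletter", "forward_to": "", "csrf_token": token})
    # Forged submission auto-posted by a page on another site (constructed sample): the
    # browser still sends the cookie, but the Origin differs and the token is unknown.
    forged = Request(cookies={"sid": sid}, headers={"Origin": "https://infected.example"},
                     form={"matches": "transfer-approval.com", "forward_to": "attacker@example.invalid"})
    result = {
        "vulnerable_genuine": add_filter_vulnerable(genuine),
        "vulnerable_forged": add_filter_vulnerable(forged),
        "hardened_genuine": add_filter_hardened(genuine),
        "hardened_forged": add_filter_hardened(forged),
    }
    # The vulnerable handler installed the attacker's forwarding filter; the hardened one did not.
    result["forwarding_filters"] = sum(1 for f in SESSIONS[sid].filters if f["forward_to"])
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable handler returns 200 for both requests, so the forged one silently installs the forwarding rule; the hardened handler returns 403 for the forged request while still accepting the genuine one. In current browsers a third layer is available on top of this: marking the session cookie `SameSite=Lax` so it is not sent on cross-site POSTs at all, with the token and Origin check kept as defence in depth.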


Source: https://habr.com/ru/post/18072/
