Google recently launched a Twitter-like application called Google Buzz. We have established that the application is quite vulnerable to persistent CSRF attacks when data is pulled from external data feeds.
A CSRF (Cross-Site Request Forgery) vulnerability works by exploiting the trust that a site has in the user. Site tasks are usually linked to specific URLs, so that a certain action is performed whenever such a URL is requested. If a user is logged on to the site and an attacker tricks the user's browser into making a request to one of these task URLs, the task is performed and recorded as the logged-on user, as shown in figure 1.1.

Fig. 1.1
In Google Buzz a user's contact list is built by auto-following the people that user emails regularly. This is similar to Twitter, where users can follow someone.
The following characteristics are common to CSRF:
- Involve sites that rely on a user’s identity
- Exploit the site’s trust in that identity
- Trick the user’s browser into sending HTTP requests to a target site
- Involve HTTP requests that have side effects
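To make the four characteristics above concrete, here is an added example (not code from the advisory or from Google) that simulates a "follow" endpoint such as the one Buzz derives from a user's contacts. The in-memory session store, the `Request` class and the origin `https://buzz.example` are constructed for the demo; the vulnerable handler trusts the session cookie alone, while the hardened one also requires a per-session token the attacker's page cannot read and checks the `Origin` header.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed in-memory state standing in for the site's session store and
# the follow relationships the site maintains for each user.
SESSIONS = {}   # session id -> {"user": ..., "csrf": ...}
FOLLOWING = {}  # user -> set of followed users

@dataclass
class Request:
    cookies: dict            # sent automatically by the browser, even cross-site
    params: dict             # query/form parameters chosen by whoever built the URL
    origin: Optional[str] = None  # Origin header, when the browser supplies one

def login(user):
    """Create a session and bind a fresh CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def follow_vulnerable(req):
    """Side-effect endpoint that trusts the user's identity (cookie) alone."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if not sess:
        return 401
    FOLLOWING.setdefault(sess["user"], set()).add(req.params["who"])
    return 200

def follow_hardened(req, site_origin="https://buzz.example"):
    """Same endpoint, but the request must prove it came from the site itself."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if not sess:
        return 401
    if req.origin is not None and req.origin != site_origin:
        return 403  # cross-site request: reject before doing anything
    if not hmac.compare_digest(req.params.get("csrf", ""), sess["csrf"]):
        return 403  # missing or wrong per-session token
    FOLLOWING.setdefault(sess["user"], set()).add(req.params["who"])
    return 200

def demo():
    """Returns (vulnerable status, hardened status, legit status, alice's follows)."""
    FOLLOWING.clear()
    sid = login("alice")
    # A forged request: the cookie rides along, but the token and origin do not match.
    forged = Request({"sid": sid}, {"who": "mallory"}, origin="https://evil.example")
    legit = Request({"sid": sid}, {"who": "bob", "csrf": SESSIONS[sid]["csrf"]},
                    origin="https://buzz.example")
    return (follow_vulnerable(forged), follow_hardened(forged),
            follow_hardened(legit), sorted(FOLLOWING["alice"]))
```

The vulnerable handler records the forged follow of "mallory"; the hardened one rejects it with 403 and only accepts the genuine follow of "bob".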
As of this writing we have not succeeded in finding a sample that exploits this vulnerability in the wild.
Discovery date: February 12, 2009.
Reference:
http://www.packetstormsecurity.org/filedesc/googlebuzz-xsrf.txt.html
Note:
Google has already updated Buzz, but this attack is still reproducible in Google Reader.