Serious flaw in Froogle Reveals Gmail Accounts

[Aviran]

New security flaw in Google?s price comparison engine, Froogle, was discovered by an Israeli hacker.

By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user?s Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user?s cookie, which contains personal information, such as purchase history, user name and password for Google services.

Source

[Slimy]

:pinch: oh well hope google will fix this asap

[APL88]

This is good for me if I can find out how, so I can get the passwrod back from my old acount, which is teh same password for an old s/n i cant get onto.

[Joey992]

I always used pricegrabber or pricewatch but it still sucks.

OT: nice sig APLardi

[figgy]

Oh wow!

I am definetly curious how a simple javascript can cause exposure of gmail accounts.

[Coolme]

Oh wow!

I am definetly curious how a simple javascript can cause exposure of gmail accounts.

585290824[/snapback]

Gmail is written fully in JavaScript

[kainashi]

hope google fixes this soon. i just used froogle earlier too. :(

[matt74441]

Gmail is written fully in JavaScript

585290900[/snapback]

Not entirely, the interface uses a lot of JavaScript. You can't make a webmail with 100% client-side code.

[Lare2]

:/

[Xer34]

Yikes. Hoping they fix it ASAP.

[Fedorpheux]

well, now we know why gmail is still officially beta

:laugh:

[Malisk]

well, now we know why gmail is still officially beta

Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.

[the_snitch]

Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.

585291922[/snapback]

Ok then...now we know why Froogle is still in Beta.

[ZZOOzzoo]

Ok then...now we know why Froogle is still in Beta.

585291936[/snapback]

:p

[Guest FaX]

how do I do this ive lost my passowrd to my other gmail account :s

[TimRogers]

This is not bad, because I dont use Froogle!

[Pwnadog]

Like... thats EVIL :p

[Ranhoca]

sh** happens :p

:D

Anyway, this kind of bug is not a big deal, there is a lot of php freescript with this kind of bug, it was (and sometimes it IS) relly easy to steal a cookie from forum or anything else. And the problem is not only in the free script, but also in forum like vbulletim etc...

I sure that froggle will corect this bug very soon... It's a matter of time.

*** sorry for my crappy english.

[GatorV]

Good that I don't use froogle..

[reset]

i like froogle but ive been using the yahoo shopping search more and more lately. to me, the interface just seems more intuitive. my 2 cents

[galoosh33]

I use both Froogle and Gmail, hope they would get it fixed soon.

[rob2090]

how do I do this ive lost my passowrd to my other gmail account :s

585292154[/snapback]

Start searching on Google ... :shifty:

[APL88]

same for me cant find it tho

[Alien Venom]

Just to clarify, the problem isn't in Gmail, it's in Froogle.

Actually, it's both.

The idea is to create secure products. That includes making it secure to any other programs (or scripts) installed on the system and from other users on the system.

[Mx]

Google will fix it asap, hopefully.