Serious flaw in Froogle Reveals Gmail Accounts



New security flaw in Google's price comparison engine, Froogle, was discovered by an Israeli hacker.

By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user's Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user's cookie, which contains personal information, such as purchase history, user name and password for Google services.

Source

well, now we know why gmail is still officially beta

Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.
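The point above about services sharing one parent-domain cookie, as an added example that is not part of the original thread: a sketch of RFC 6265 cookie domain matching showing which cookies a script on a sibling subdomain can read. The hostnames and cookie names are constructed sample values.

```javascript
// Added illustration; hostnames and cookie names are constructed sample values.

// RFC 6265 section 5.1.3 domain matching (simplified: IP-address hosts are not handled).
// A host matches if it equals the cookie domain or is a subdomain of it.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// A cookie set without a Domain attribute is "host-only":
// the browser returns it only to the exact host that set it.
function sentTo(cookie, host) {
  return cookie.domain ? domainMatches(host, cookie.domain) : host === cookie.setBy;
}

// Names of the cookies a script running on `host` can read via document.cookie.
// HttpOnly cookies are still sent with requests but are hidden from script.
function scriptReadable(cookies, host) {
  return cookies.filter(c => sentTo(c, host) && !c.httpOnly).map(c => c.name);
}

// Constructed cookie jar: three session cookies set by the mail service.
const jar = [
  { name: "shared_session",   setBy: "mail.example.com", domain: "example.com", httpOnly: false },
  { name: "hostonly_session", setBy: "mail.example.com", domain: null,          httpOnly: false },
  { name: "shared_httponly",  setBy: "mail.example.com", domain: "example.com", httpOnly: true  },
];

// A script injected into the shopping subdomain sees only the parent-domain,
// non-HttpOnly cookie; host-only and HttpOnly cookies stay out of its reach.
console.log("shop.example.com:", scriptReadable(jar, "shop.example.com"));
console.log("mail.example.com:", scriptReadable(jar, "mail.example.com"));
```
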

Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.


Ok then...now we know why Froogle is still in Beta.

sh** happens :p

:D

Anyway, this kind of bug is not a big deal, there are a lot of free PHP scripts with this kind of bug, it was (and sometimes it IS) really easy to steal a cookie from a forum or anything else. And the problem is not only in free scripts, but also in forums like vBulletin etc...

I'm sure that Froogle will correct this bug very soon... It's a matter of time.

*** sorry for my crappy English.

Just to clarify, the problem isn't in Gmail, it's in Froogle.

Actually, it's both.

The idea is to create secure products. That includes making it secure to any other programs (or scripts) installed on the system and from other users on the system.
