Serious flaw in Froogle Reveals Gmail Accounts



A new security flaw in Google's price comparison engine, Froogle, was discovered by an Israeli hacker.

By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user's Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user's cookie, which contains personal information, such as purchase history, user name and password for Google services.

Source


This is good for me if I can find out how, so I can get the password back from my old account, which is the same password for an old s/n I can't get onto.


Gmail is written fully in JavaScript


Not entirely, the interface uses a lot of JavaScript. You can't make a webmail with 100% client-side code.


well, now we know why gmail is still officially beta

Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.
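Added example, not part of the original posts and not Google's code: a sketch of why script running on one service can reach a cookie scoped to a shared parent domain, next to the usual mitigations (a host-only HttpOnly cookie, and escaping URL parameters before reflecting them). The hostnames, cookie name and helper functions are constructed for illustration.

```javascript
// Constructed hostnames and cookie values; nothing here comes from the thread.

// RFC 6265 section 5.1.3 domain-match for hostnames (IP literals not handled).
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase().replace(/^\./, "");
  return host === dom || host.endsWith("." + dom);
}

// A cookie set with a Domain attribute goes to every matching subdomain;
// one set without it (host-only) goes back only to the exact host that set it.
function cookieSentTo(cookie, requestHost) {
  return cookie.domain
    ? domainMatch(requestHost, cookie.domain)
    : requestHost.toLowerCase() === cookie.setBy.toLowerCase();
}

// Page script can read a cookie only if it is in scope for the page's host
// and was not flagged HttpOnly.
function readableByScript(cookie, pageHost) {
  return cookieSentTo(cookie, pageHost) && !cookie.httpOnly;
}

// Escape a reflected URL parameter before placing it in HTML text
// or inside a quoted attribute value.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Serialize a session cookie the hardened way: no Domain attribute
// (host-only), HttpOnly so script cannot read it, Secure for HTTPS only.
function hardenedSetCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly`;
}

// Weak: shared across the parent domain and visible to script.
const shared = { name: "SID", setBy: "mail.example.com", domain: ".example.com", httpOnly: false };
// Hardened: host-only and HttpOnly.
const scoped = { name: "SID", setBy: "mail.example.com", domain: null, httpOnly: true };

function report() {
  return ["mail.example.com", "shop.example.com", "example.org"].map((host) => ({
    host,
    sharedReadable: readableByScript(shared, host),
    scopedReadable: readableByScript(scoped, host),
  }));
}

console.log(report());
console.log(escapeHtml('"><script>x</script>'));
console.log(hardenedSetCookie("SID", "abc 123"));
```
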


Just to clarify, the problem isn't in Gmail, it's in Froogle.

The problem isn't just spread to Gmail either, but I guess in all their services sharing data under the google.com cookie.


Ok then...now we know why Froogle is still in Beta.


sh** happens :p

:D

Anyway, this kind of bug is not a big deal, there are a lot of free PHP scripts with this kind of bug, it was (and sometimes it IS) really easy to steal a cookie from a forum or anything else. And the problem is not only in the free scripts, but also in forums like vBulletin etc...

I'm sure that Froogle will correct this bug very soon... It's a matter of time.

*** sorry for my crappy english.


Just to clarify, the problem isn't in Gmail, it's in Froogle.

Actually, it's both.

The idea is to create secure products. That includes making it secure to any other programs (or scripts) installed on the system and from other users on the system.

