“that password recovery is often in the center of attention for attackers – and for security professionals.” reported Oren.
” The link should actually refer to an attacker’s site (and it does):
http://www.orenh.com/test.html#Email=hatechnion@gmail.com” The attacker’s site performs a CSRF with the customized email address, and once completed – launches the XSS exploit. The code might look like this:” said Oren.
“the code above, reads a Hash parameter (“Email”) for the victim’s email. It creates an invisible image and puts an “initialize password recovery” link as its source.After the request is processed, an Error event is thrown (since this is not really an image).”
At this point the hacker has grabbed victim new password and cookie information with an XSS attack.
“The onError handler now redirects to the XSS’d URL, The user clicks “Reset Password”… and from here the sky is the limit.”
The researcher published a proof of concept video to demonstrate the attack:
Hafif reported the flaw to the Google Security department and Google has promptly fixed the issues assigning a reward of $5,100 under their Bug Bounty Program.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Google mail, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025,…
A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI…
Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including…
Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign…
China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in…
This website uses cookies.
