“that password recovery is often in the center of attention for attackers – and for security professionals.” reported Oren.
“The link should actually refer to an attacker’s site (and it does):
http://www.orenh.com/test.html#Email=hatechnion@gmail.com
The attacker’s site performs a CSRF with the customized email address, and once completed – launches the XSS exploit. The code might look like this:” said Oren.
“The code above reads a Hash parameter (“Email”) for the victim’s email. It creates an invisible image and puts an “initialize password recovery” link as its source. After the request is processed, an Error event is thrown (since this is not really an image).”
At this point the hacker has grabbed the victim’s new password and cookie information with an XSS attack.
“The onError handler now redirects to the XSS’d URL. The user clicks “Reset Password”… and from here the sky is the limit.”
The researcher published a proof-of-concept video to demonstrate the attack.
Hafif reported the flaw to the Google Security department, and Google promptly fixed the issues, assigning a reward of $5,100 under its Bug Bounty Program.
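The CSRF step described above works because an image load can start the "initialize password recovery" action. The following is an added defensive example, not code from the researcher or from Google, showing a server-side gate that refuses such requests; the function names, the origin and the sample requests are all assumptions made for illustration.

```javascript
// Added example; every name and value below is hypothetical or constructed.
const TRUSTED_ORIGIN = "https://accounts.example.test";

// Constant-time comparison so the token check does not leak timing.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { method, headers (lower-case keys), sessionToken, submittedToken }
function checkRecoveryRequest(req) {
  const h = req.headers || {};
  // 1. State changes are POST-only, so an <img src> load can never start one.
  if (req.method !== "POST") return { allow: false, reason: "method" };
  // 2. Fetch Metadata, where the browser sends it, must say same-origin.
  const site = h["sec-fetch-site"];
  if (site !== undefined && site !== "same-origin") return { allow: false, reason: "cross-site" };
  // 3. An Origin header, when present, must match the trusted origin.
  if (h["origin"] !== undefined && h["origin"] !== TRUSTED_ORIGIN) return { allow: false, reason: "origin" };
  // 4. The per-session anti-CSRF token is always required; it covers
  //    clients that send neither of the headers checked above.
  if (!safeEqual(req.submittedToken, req.sessionToken)) return { allow: false, reason: "token" };
  return { allow: true, reason: "ok" };
}

// Constructed requests, not captured traffic.
const TOKEN = "constructed-token-7f3a";
const samples = {
  imageLoad: { method: "GET", sessionToken: TOKEN,
    headers: { "sec-fetch-site": "cross-site", "sec-fetch-dest": "image" } },
  crossSiteForm: { method: "POST", sessionToken: TOKEN,
    headers: { "sec-fetch-site": "cross-site", origin: "https://other.example.test" } },
  legacyNoToken: { method: "POST", sessionToken: TOKEN, headers: {} },
  legitimate: { method: "POST", sessionToken: TOKEN, submittedToken: TOKEN,
    headers: { "sec-fetch-site": "same-origin", origin: TRUSTED_ORIGIN } },
};

for (const [name, req] of Object.entries(samples)) {
  const verdict = checkRecoveryRequest(req);
  console.log(`${name}: ${verdict.allow ? "allow" : "deny"} (${verdict.reason})`);
}
```

This gate addresses only the cross-site request; the XSS half of the chain is a separate output-encoding problem on the page that reflects the input.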
(Security Affairs – Google mail, hacking)