Notifier for Google Wave Chrome extension XSS/CSRF
Page 1 of 1
Notifier for Google Wave Chrome extension XSS/CSRF
######################################
Notifier for Google Wave Chrome extension XSS/CSRF
extension:https://chrome.google.com/extensions/detail/aphncaagnlabkeipnbbicmcahnamibgb
Exploit available:yes vendor notify : NO
#######################################
So in this case "Notifier for Google Wave Chrome"
has a flaw that allow attackers to make XSS style attacks.
All extensions runs over his origin and no have way to altered data from extension
or get sensitive data like , email account or password etc..
if we look how many users have instaled this extension =>
https://chrome.google.com/extensions/detail/aphncaagnlabkeipnbbicmcahnamibgb
56,542 users have instaled it (WoW)
############
explanation
############
Notifier for Google Wave allows users to view wen they have a new wave and
view a preview of it ....
If a attacker compose a new wave with html or javascript code in
body & send it to victim´s the code is executed wen Victim´s click in the
extension to view a preview of wave.
So for exploit we need to compose a "special" wave
for example if we put directly in the mail body a iframe like
"><iframe src="javascript:alert(location.href);"></iframe>
in the two cases the alert is executed wen try to preview the wave
with the extension it is executed in context location.href value is
"about:blank"
For example send a wave With a logout acction in google wave in body
"><iframe src="https://wave.google.com/wave/logout"></iframe>
it closes the sesion on google wave , this is a CSRF.
######################€nd#################################
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Google Services Notifier Chrome extension XSS/CSRF
» Gmail Checker plus Chrome extension XSS/CSRF II
» Google Chrome and Chrome frame Prompt DoS
» What is Google Wave?
» Google Chrome close() issue
» Gmail Checker plus Chrome extension XSS/CSRF II
» Google Chrome and Chrome frame Prompt DoS
» What is Google Wave?
» Google Chrome close() issue
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|