[WEB SECURITY] CSRF hole Google adsense
gaz_sec at hushmail.com
gaz_sec at hushmail.com
Thu Sep 27 08:07:30 EDT 2007
Hi all
I've found a CSRF hole in Google adsense which allows any attacker
to change the address details on your adsense account.
http://www.thespanner.co.uk/2007/09/27/google-adsense-csrf-hole/
I can't release the official poc because Google hasn't fixed it yet
but you can find it if you know were to look ;)
Cheers
Gareth
--
Click to become a master chef, own a restaurant and make millions.
http://tagline.hushmail.com/fc/Ioyw6h4eAFc3uKLCIpuVYVzm4peLs8A3j667DIZHLXdBicfLQP9fpI/
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list