Comments on Ben Hayak - Security Blog: Stealing Private Photo Albums from Google - Same Origin Method Execution

Anonymous (2015-07-30T12:05:30.139+03:00):
BEN ROCKS.. IT'S MY DREAM TO GO IN GOOGLE HALL OF FAME ONCE.. I WILL SOON

[Ben Hayak] (2015-07-15T23:13:13.815+03:00):
Thank you for your interest. For any session, the callback endpoint's markup led to the execution of a controlled callback function based on the "callback" parameter. Taking this into account, in case of another user's browser or a session validation, Google generated similar markup with only a slightly different argument (i.e. JSON data). Since the SOME attack allows you to hijack functions that will ignore the arguments (i.e. submit, click, etc.), the varied value didn't affect the vulnerability and thus the instance was vulnerable and executed a method for every user session. For the sake of clarity, this instance was perfectly exploited and it was acknowledged by the Google bug bounty program.

Regards.

Anonymous (2015-07-15T22:32:48.381+03:00):
Gr8, everything very clear except one - @BenHayak can you explain, the Callback endpoint containing the token would be only valid for you, if it's visited by the victim it will give error rather than the markup mentioned, how did you bypass that?

Danor Cohen - An7i (2015-06-18T23:58:23.624+03:00):
Awesome finding and superb writing

Anonymous (2015-05-26T20:12:26.283+03:00):
Not Human N!nj@