csrf recovery message in gmail


  • csrf recovery message in gmail

    Hello. Google is corresponding with me about these issues, but unfortunately the report is not being registered, even though the security weakness and the abuse it allows are completely obvious. In the following posts I will put up the video and some of my correspondence.

    # csrf recovery message in gmail
    # Risk: high
    # Version: All
    # Date: August - September 2017
    # Author: Hosein)root
    # Tested on Windows; Mozilla Firefox 54
    # Vulnerable File: https://mail.google.com/mail/u/0/?ta...e2ebb2438ce504
    # Explain vulnerability:
    # When you enter an email in the inbox, you have the verification code 15e2ebb2438ce504 after inbox/. We save this code.
    # When a user clears a message from the inbox and clears the message from the trash, our users want the message deleted forever, but it is not deleted and is easy to recover
    # when Gmail is hacked.
    # An attacker can easily brute-force the verification code by creating a large table from small letters and numbers, and recover the secure message that was deleted.
    #######

  • #2
    RE: csrf recovery message in gmail

    Video

    https://youtu.be/c0NNFfmH2sw

    Some of the correspondence

    Hey,

    Thanks for the bug report. We analyzed it, but there are still some areas we don't understand fully.

    How could this be used in the attack against other users? Please write a more detailed attack scenario - we have prepared some tips on how to create one on this page.

    Thanks a lot in advance!

    How did we do? Please fill out a short anonymous survey to help Google Vulnerability Reward Program get better.

    Rgds

    ====================

    Hey,

    Just letting you know that your report was triaged and we're currently looking into it. You should receive a response in a couple of days, but it might take up to a week if we're particularly busy.

    Thanks,

    Google Security Team

    Michal
    ================
    When a user clears a message from the inbox and clears the message from the trash, our users want the message deleted forever, but it is not deleted and is easy to recover
    when Gmail is hacked.
    An attacker can easily brute-force the verification code by creating a large table from small letters and numbers, and recover the secure message that was deleted.

    Google Security Team

    =====================
    Hi Ali,

    Thanks for your report. You can't easily brute force the code. The other part (that the code is still valid after you delete the email) is working as intended.

    Regards,
    Martin, Google Security Team

    Of course, you know that my name is not Ali.
