GMail Exploit


Someone has figured out a way to make a Google URL do just about anything they want by using an exploit. The page that they “created” is located here:

http://www.google.com/u/gplus

It disguises itself as an upcoming GMail Plus service. This is a “scam” in some sense, because it is not actually for any Google service; instead, the next page will tell you:

You (could have) gotten served!

MyUserName = username you entered
MyPassword = password you entered

No data was actually taken, just displayed to you :) This is just a proof of concept of what a malicious user could do with this exploit.

So the people behind it were nice enough not to steal the information you entered; they built the page as a proof of concept.

News Source: Digg

  1. Guess the Google guys have fixed the page at least, if not the problem as a whole

  2. They’re still restricting login, so I guess they have just taken it down whilst they fix the problem.

  3. Lucky there is a screenshot in this article, because now the page says: “We’re sorry… but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can’t process your request right now.” And point to Download.com :) for tools.

  4. At least I know the “Phishing Filter” works on FF2 :P

  5. HA! You’re right, it is now marked as a phishing site. :D

  6. The Google Toolbar’s phishing filter also generated a warning.

  7. I’ve only now read the article by Eric Farraro (first link) and I have to say the guy was smart… or Google was really bad at the security level? Somewhere in between. A clever solution for a not very solid service. Google Public Service Search is still down (This service is currently unavailable. Please try again later.) I never knew about it, but now it’s famous? ;)

  8. Radu Capan wrote:
    I never knew about it, but now it’s famous? ;)

    I don’t think this is the way they wanted it to become famous though. :D

  9. It’s very surprising that they didn’t think of this when they coded the template system, or that nobody found this before… maybe everyone else thought it wouldn’t be possible that they had forgotten about JavaScript when Google uses it on every page? Well, everyone makes mistakes…