Google Email Recovery Vulnerability (Removing Secondary E-mail Address -Self Exploit
#Title: Google Email Recovery Vulnerability (Removing Secondary E-mail Address -Self Exploitation)
#Author: Sandeep Kamble
#Risk Factor: Low (Why low please read below)
#Attack Type: A User can access B User account Link to remove secondary E-mail address
#Reported Date: OCT 21 , 2011
Overview:
In Google account setting page, when you reset Google account password, it send Reset Password link to your secondary email address. Into that mail there is one more link which can be used remove your secondary email address.
Vulnerability Description:
This Vulnerability can be used to remove secondary email address. In this vulnerability we needed to guess ?C variable token to access the any users account link that can be used to remove secondary email address ?C variable token is generating at sever side so that it is not possible to guess this token and so that it can be performed at victim side only. (Self Exploitation)
Vulnerable Link
https://www.google.com/accounts/Acco...z_7p8Z4B&hl=en
Link it has two options, one option is to remove the Secondary and one option to negated email removing operation.
The above like is accessible to everyone. We cannot generate the token number so we can find the token using
Google Dork: Inurul : /AccountDisavow?c=
If you click on the radio button, “No, I didn't create *******@gmail.com - remove my email address, ********@yahoo.com, from this Google Account. “ and then click continue it will remove the email and delete the link token.
This link will be dead, No one can access it again !
But if you click on the,” Yes, *******@gmail.com is my Google Account. ” and press continue.
When u Click on the this radio button the token is not getting deleted, so that may be pages are indexed into Google
Proof of Concept
Source : Here
The content on Hacking Beast like Hacking Articles, Cyber News etc are provided by many sources ( email,messages,internet etc) , we do not take any responsibility of your activities. The news provided by us on this site is gathered from various sources. if any person have some FAQ's in their mind they can Contact Us. and you can also read our Disclamier for more info. Thank You !
If you enjoyed Hacking Beast Articles , Make sure you subscribe to our RSS feed. Stay Updated about latest Hacking News, Tips and Tricks,and Cyber News.! and recieve all our emails and latest posts directly in your inbox to enjoy fast and easy reading . Thank You!
#Author: Sandeep Kamble
#Risk Factor: Low (Why low please read below)
#Attack Type: A User can access B User account Link to remove secondary E-mail address
#Reported Date: OCT 21 , 2011
Overview:
In Google account setting page, when you reset Google account password, it send Reset Password link to your secondary email address. Into that mail there is one more link which can be used remove your secondary email address.
Vulnerability Description:
This Vulnerability can be used to remove secondary email address. In this vulnerability we needed to guess ?C variable token to access the any users account link that can be used to remove secondary email address ?C variable token is generating at sever side so that it is not possible to guess this token and so that it can be performed at victim side only. (Self Exploitation)
Vulnerable Link
https://www.google.com/accounts/Acco...z_7p8Z4B&hl=en
Link it has two options, one option is to remove the Secondary and one option to negated email removing operation.
The above like is accessible to everyone. We cannot generate the token number so we can find the token using
Google Dork: Inurul : /AccountDisavow?c=
If you click on the radio button, “No, I didn't create *******@gmail.com - remove my email address, ********@yahoo.com, from this Google Account. “ and then click continue it will remove the email and delete the link token.
This link will be dead, No one can access it again !
But if you click on the,” Yes, *******@gmail.com is my Google Account. ” and press continue.
When u Click on the this radio button the token is not getting deleted, so that may be pages are indexed into Google
Proof of Concept
Source : Here
The content on Hacking Beast like Hacking Articles, Cyber News etc are provided by many sources ( email,messages,internet etc) , we do not take any responsibility of your activities. The news provided by us on this site is gathered from various sources. if any person have some FAQ's in their mind they can Contact Us. and you can also read our Disclamier for more info. Thank You !If you enjoyed Hacking Beast Articles , Make sure you subscribe to our RSS feed. Stay Updated about latest Hacking News, Tips and Tricks,and Cyber News.! and recieve all our emails and latest posts directly in your inbox to enjoy fast and easy reading . Thank You!