Friday 8 May 2015

     Session Hijack Bug...



Google History hijack Bug Found

some days before when i was  working on our blog lexibeelabs.blogspot.com we found this bug in google which allow an attacker to get all search history And Session Info. of victim.
In this Bug an gmail acc. work as backdoor
smile emoticon




____________________________
How To Exploit :-
  1. A New created gmail account. Example backdoor@gmail.com
now you need access to victim. and login in his / her pc with your created account. and come back home.
  1. wait for some days or hours and now login in same gmail account which you used in victim computer. now open google and go to search history&sessions and you get all history and session information which victim browse.
ADVANTAGE :-
  1. Get session information & history without using spy programs or RAT remote access trojans
  1. Also get mozzila or other browsers history and sessions by google sync.
  1. doesn't raise any alarm and also no addon's or extensions detect it.
  1. Also No AV' Detection
tongue emoticon
ofc because its google
  1. Get Cookies of victim.
  1. And Many More.
Gr33ts : Examin1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)