Google Wallet CSRF

June 13, 2012

Summary

I recently reported a CSRF vulnerability to Google. The vulnerable domain is wallet.google.com. Normally, CSRF forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.

Vulnerable URL:

https://wallet.google.com/buyerSignup?continue=https://wallet.google.com/manage/bootstrap.html?u%3Dhttps%253A%252F%252Fwallet.google.com%252Fmanage%26pli%3D1&hsk=1&pli=1&s7e=creditcard.cardNumber:n;creditcard.cvv:n&coc=IN

It was missing an XSRF protection token. The form fields were:
Id
Email
Passwd
PasswdAgain
address.phone
address_cmenu
address_ecmenu
address_name
address_state
address_state_menu
address_street1
address_street2
address_town
address_town_menu
address_zip
creditcard.CreditCardCvvTextField
creditcard.CreditCardNumberTextField
creditcard.cardBrand
creditcard.ccExpMonth
creditcard.ccExpYear
creditcard.ccIssueId
creditcard.ccStartMonth
creditcard.ccStartYear
creditcard.lastDigits
creditcard.phone
creditcard.type
creditcard_cmenu
creditcard_ecmenu
creditcard_name
creditcard_state
creditcard_state_menu
creditcard_street1
creditcard_street2
creditcard_town
creditcard_town_menu
creditcard_zip
i18nToSUrl
keyfields
keylog
shippingRadioA
shippingRadioB
submitbutton
submitbutton
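
A server-side check of the kind the form lacked, as an added example (not code from the original post or from Google): a session-bound HMAC token is issued with the form and verified before any of the fields above are processed. The `xsrf_token` field name, the key handling and the handler are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret kept server-side (constructed here).
SERVER_KEY = secrets.token_bytes(32)

# Hypothetical name for the hidden anti-CSRF field; not from the original page.
TOKEN_FIELD = "xsrf_token"


def _mac(session_id: str, nonce: str) -> str:
    """HMAC-SHA256 over the session id and nonce, hex encoded."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Return a token bound to this session; embed it as a hidden form field."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, sent_mac = (token or "").partition(".")
    if not sep or not nonce or not sent_mac:
        return False
    expected = _mac(session_id, nonce)
    return hmac.compare_digest(expected.encode(), sent_mac.encode())


def handle_signup_post(session_id: str, form: dict) -> int:
    """Return an HTTP status: 403 unless the POST carries a valid token."""
    if not token_is_valid(session_id, form.get(TOKEN_FIELD, "")):
        # The browser attached the session cookie, but the page that built
        # the request could not read the token, so it is absent or wrong.
        return 403
    # Only past this point is it safe to act on Email, address_*, creditcard.*.
    return 200


if __name__ == "__main__":
    sid = "session-A"  # constructed session identifier
    form = {"Email": "user@example.com", "address_zip": "00000"}  # constructed
    print(handle_signup_post(sid, form))
    print(handle_signup_post(sid, {**form, TOKEN_FIELD: issue_token(sid)}))
```

A request without the token, or with a token issued for a different session, is rejected even though the session cookie is valid.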

I will upload the PoC after some time. Thanks to Google for listing me in the Google Hall of Fame and for the quick fix.
