Paper: Overtaking Google Desktop

Written by Yair Amit, Danny Allan and Adi Sharabani, Watchfire

Saturday, 24 February 2007

As Yair Amit wrote in BugTraq: "In this paper, we present a step-by-step attack flow that circumvents Google Desktop's protection mechanisms and allows a malicious attack to take place against Google Desktop users. The attack is composed of web-application security flaws found in Google Desktop along with exploitation of Google Desktop's tight integration with the website. The paper shows that it is possible to achieve a remote and persistent access to sensitive data on attacked systems. In addition, under certain conditions, it is also possible to covertly inject and execute malicious applications on attacked systems, using Google Desktop's own features."

The full paper can be downloaded from:

A demonstration of the attack can be found at:
