Pakistani Hacker Discovers Vulnerability in Gmail that Allowed Hijacking of Any Email ID
















It is only possible if one of the following cases is true:
  • If the recipient's SMTP is offline.
  • If the recipient has deactivated his email.
  • If the recipient does not exist.
  • If the recipient exists but has blocked us.
Furthermore, the procedure is as follows:
  • The attacker tries to confirm ownership of xyz@gmail.com.
  • Google sends an email to xyz@gmail.com for confirmation.
  • xyz@gmail.com is not able to receive email, so the email is bounced back to the sender.
  • This bounced email contains the verification code.
  • The attacker takes that verification code and confirms his ownership of xyz@gmail.com.
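
The weak point in this flow is the bounce itself: a delivery status notification normally carries the original message back to the sender, code included. As an added example (not from the original post or from Google), here is a filter that strips the returned original from a bounce before it is shown to anyone and reports any code it contained; the 9-digit code format, the addresses and the sample bounce are constructed assumptions.

```python
import re
from email import message_from_string, policy
# Assumption: codes are 9 digits; the page does not give the real format.
CODE_RE = re.compile(r"\b\d{9}\b")
RETURNED = ("message/rfc822", "text/rfc822-headers")

# Constructed RFC 3464 bounce; hosts, addresses and code are made up.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mail.example
To: verifier@sender.example
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to xyz@recipient.example failed: user unknown.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example

Final-Recipient: rfc822; xyz@recipient.example
Action: failed
Status: 5.1.1
--b1
Content-Type: message/rfc822

To: xyz@recipient.example
Subject: Confirm ownership

Your confirmation code is 123456789
--b1--
"""

def redact_bounce(raw):
    """Return (safe_text, codes): the bounce without the returned original."""
    msg = message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return raw, []          # not a DSN, pass through unchanged
    codes = []
    for part in msg.walk():     # scan only the returned-original parts
        if part.get_content_type() in RETURNED:
            codes += CODE_RE.findall(part.as_string())
    msg.set_payload([p for p in msg.iter_parts()
                     if p.get_content_type() not in RETURNED])
    return msg.as_string(), codes
```

A non-empty `codes` list is worth logging: it means a verification message bounced with its secret intact, and the pending verification should be invalidated.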

About Google’s Vulnerability Reward Program (VRP)

Google started this program to surface bugs and other security vulnerabilities in Google-owned web services.
The scope also includes Google-developed apps and extensions published in Google Play, iTunes or the Chrome Web Store.
For a vulnerability to qualify for the VRP, the bug has to fall into one of the following categories:
  • Cross-site scripting,
  • Cross-site request forgery,
  • Mixed-content scripts,
  • Authentication or authorization flaws,
  • Server-side code execution bugs.
Whoever reports a vulnerability and writes a guide on how it can be exploited can earn up to $20,000 from Google as a reward.

© [Ritik banger] and [Hacker ritz], [2017]. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to [Ritik banger] and [Hacker ritz] with appropriate and specific direction to the original content.