Security researcher Prakhar Prasad is the one who identified the issues

May 6, 2013 19:01 GMT

Security researcher Prakhar Prasad of Security Pulse has identified a couple of vulnerabilities in Google services. Both have been addressed by Google, so the expert published proof-of-concept videos for each of them.

The first security hole was a cross-site request forgery (CSRF) that affected Google Translate.

“[The vulnerability] allowed me to become an Editor on someone's Google Website Translator Service. The page had CSRF Protection, but the CSRF token check was skipped on server side,” the expert explained in a blog post.

Prasad has also discovered a clickjacking flaw in Gmail’s “Tasks” feature.

“I was able to add arbitrary tasks in users' task list. The affected page was missing X-FRAME-OPTIONS header,” he noted.

Check out the two POC videos to see how each of these security holes could have been exploited.
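The two root causes named in the quotes (a CSRF token that the server never compares, and a response with no anti-framing header) can be checked for as in the following sketch. It is an added example, not Google's code or the researcher's; the handler name, the `csrf_token` field, the `verify` switch and the sample headers are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # per-deployment key, constructed for this example


def issue_token(session_id: str) -> str:
    """Derive the CSRF token bound to one session."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_add_editor(session_id: str, form: dict, verify: bool = True) -> int:
    """Hypothetical state-changing handler; returns an HTTP status code.

    verify=False models the flaw described in the quote: the form carries
    a token field, but the server never compares it to the session's token.
    """
    if verify:
        sent = str(form.get("csrf_token", "")).encode()
        expected = issue_token(session_id).encode()
        if not hmac.compare_digest(sent, expected):  # constant-time compare
            return 403
    return 200


def framing_protected(headers: dict) -> bool:
    """True if the response headers forbid or restrict cross-origin framing."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN"):
        return True
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            # Wildcard or scheme-wide sources leave the page frameable by any site.
            # Conservative choice: a directive with no sources is reported as
            # unprotected so that someone reviews it.
            open_sources = ("*", "http:", "https:")
            return len(parts) > 1 and not any(s in open_sources for s in parts[1:])
    return False


if __name__ == "__main__":
    sid = "session-123"  # constructed sample session id
    print("forged token, check enforced:", handle_add_editor(sid, {"csrf_token": "x"}))
    print("forged token, check skipped: ", handle_add_editor(sid, {"csrf_token": "x"}, verify=False))
    print("no framing header protected? ", framing_protected({"Content-Type": "text/html"}))
```
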