Thursday, 28 July 2011

Google Groups Profile CSRF

The Google Groups profile page was vulnerable to a CSRF attack that deleted the profile picture of an authenticated user. A simple GET request to http://groups.google.com/groups/profile/addphoto?Action.Delete=1 would delete the user’s current profile picture without their knowledge. This was possible because the endpoint had no anti-CSRF measures: it performed a state-changing action on a GET request and relied only on the session cookie, which the browser attaches to cross-site requests as well.

This vulnerability has since been patched by Google. Here are screenshots of the vulnerability in action.
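To show the missing control, here is an added example (not Google's code) that models a handler for the addphoto endpoint in Python: the first function reproduces the pre-fix behaviour, where any authenticated GET carrying Action.Delete=1 removes the photo, and the second requires a POST with a session-bound token, so the same request arriving from a third-party page is refused. The Request class, the session store and the status codes are constructed for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed request model: method, path, query string, form body, cookies.
@dataclass
class Request:
    method: str
    path: str
    query: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)

PHOTO_PATH = "/groups/profile/addphoto"

def vulnerable_delete_photo(req, sessions):
    """Pre-fix model: a GET with Action.Delete=1 and a valid session cookie deletes the photo.
    A third-party page can trigger exactly this request (e.g. via an <img> tag)."""
    sess = sessions.get(req.cookies.get("SID"))
    if sess is None:
        return 401
    if req.path == PHOTO_PATH and req.query.get("Action.Delete") == "1":
        sess["photo"] = None
        return 200
    return 404

# Constructed server-side secret used to derive per-session CSRF tokens.
SERVER_SECRET = secrets.token_bytes(32)

def csrf_token(session_id):
    """Synchronizer token bound to the session; a cross-site page cannot read or forge it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def hardened_delete_photo(req, sessions):
    """Fixed model: state change only on POST, and only with a matching session-bound token."""
    sid = req.cookies.get("SID")
    sess = sessions.get(sid)
    if sess is None:
        return 401
    if req.path != PHOTO_PATH:
        return 404
    if req.method != "POST":
        return 405  # the cross-site GET from the writeup stops here
    if not hmac.compare_digest(req.form.get("csrf_token", ""), csrf_token(sid)):
        return 403  # token missing or not derived from this session
    if req.form.get("Action.Delete") == "1":
        sess["photo"] = None
    return 200
```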

Before the exploitation: (screenshot)

After CSRF exploitation: (screenshot)