A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs.
Nir Goldshlageer is a security researcher, he recently found an Xss vulnerability in the Google Calendar and Twitter too. The HTML injection issue affecting Google Calendar as well that he said could be used to redirect a victim to an attack site anytime the user viewed his or her Google Calendar agenda events.
“When the victim…(adds) this malicious code, his cookies (and) session ID will be stolen and will be sent to the attacker site," he said. "Then the attacker will be able to get full control of the victim’s Google accounts like: Google Calendar account, Google Groups, iGoogle, etc.”
Obviously when the hacker, hacks the Google calendar account he will be able to easily hack the Google account as all the Google services are joint to each other. This is big vulnerability in the Google i am saying it from the starting but lets see what Google do next.
"They should fix this immediately, because an attacker can redirect a victim to any site that he wants, and the XSS issue an attacker can steal the victim's cookies and get full control of his accounts," Nir Goldshlageer said.
Whatever is the story the Google and twitter are a big targets that are continued to be a target for hackers like us.
What do You think ?