Full Disclosure mailing list archives
Re: GMail, Google Groups XSS Vulnerability
From: Steven Rakick <stevenrakick () yahoo com>
Date: Tue, 18 Apr 2006 19:12:26 -0700 (PDT)
So what's the deal here? I haven't seen any mention of this XSS vulnerability anywhere else... but I just tested it and it worked. Isn't this a big deal for Google? It seems to me the cookies accessible through GMail are pretty important, not just for GMail but for their other services too. Or am I missing something? On 4/11/06, Darren Bounds <dbounds () gmail com> wrote:
GMail, Google Groups XSS Vulnerability April 11, 2006 GMail and Google Groups are vulnerable to an cross
site scripting
(XSS) attack due to their reliance on
Content-Disposition to provide
separation between the HTML file download and
application scopes. The
result is the ability for an attacker to send / post
a malicious HTML
file attachments which, when read using Internet
Explorer, will
execute within the scope of the Google application
allowing the theft
of sensitive user content. A PoC is available on Google Groups at the following
URL:
http://groups.google.com/group/Content-Disposition/browse_thread/thread/925106682eb32b2b
This vulnerability is directly related to my posting
earlier this week
entitled "Microsoft Internet Explorer
Content-Disposition HTML File
Handling Flaw" which can be found at the following
URL:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044991.html
Google has been notified. -- Thank you, Darren Bounds
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- GMail, Google Groups XSS Vulnerability Darren Bounds (Apr 11)
- Re: GMail, Google Groups XSS Vulnerability Darren Bounds (Apr 13)
- <Possible follow-ups>
- Re: GMail, Google Groups XSS Vulnerability Steven Rakick (Apr 18)