Full Disclosure mailing list archives

Disappearing Google Adwords Contextual Adverts


From: n3td3v <n3td3v () gmail com>
Date: Tue, 25 Apr 2006 01:13:01 +0100

Vendor:
Google Inc (GOOG)

Service:
Groups

Description:
Google has an archive of Usenet since 1981 on its network. However,
Google decided to build a new Groups interface known as Google Groups
2 or GG2 for short.


Issue:
This is a test group.

n3td3v broke this group by exploiting the way Google treats "#"'s on
the web interface.


Because of this, a lot is possible.
Multiple attack vectors, including, but not limited to:


1) [Obscurity] Obscure the "Yes" to delete message functionality. (See screenshot)
This thread cannot be deleted easily, because the extra-long subject
header obscures the "Yes" to delete option on the message delete page,
which the owner and moderator of a group have access to.
http://groups.google.com/group/n3td3v-security/browse_thread/thread/466f175ae21d9b64/91bbdcdfc4abf8cb?lnk=raot#91bbdcdfc4abf8cb

2) [Fraud] Kill Google Ads - Kill Google ads during your penis
enlargement attack. (See screenshot)
This thread runs data over Adwords contextual ads and gives the ability
to make the ads disappear when using "view message with text"
interface on the group archive (http://groups.google.com/group/n3td3v-security).
http://groups.google.com/group/n3td3v-security/browse_thread/thread/ae84e1149c593ff6/16b4f82db867a7ec#16b4f82db867a7ec

3) [Phishing] Make a topic look busy. Make a new topic go to the
bottom, instead of the top, when using the "view
message with text" interface on the group archive
(http://groups.google.com/group/n3td3v-security), and fake how many
replies a thread has.
http://groups.google.com/group/n3td3v-security/browse_thread/thread/120172140c2fe33a/a4b2c663908b44df?lnk=raot#a4b2c663908b44df

4) [Phishing] More reason to click on a thread. Force a victim to open
a message to see what's inside.
Make a message have no message text when using the "view message with text"
interface on the group archive (http://groups.google.com/group/n3td3v-security).
http://groups.google.com/group/n3td3v-security/browse_thread/thread/e1fc3f0cd5f3b6e3

Overview:
With a carefully crafted message, a penis enlargement attack on Google
is possible, if you add each example into one super message.

See screenshots attached as proof.

The real zero-day isn't here.
Because of the way Google treats "#"'s, you can hack various Google
services. I guess there's going to be lots of Google vulnerabilities sent
to FD now for its search engine, Gmail, etc. too.

Happy researching, this is just the tip of the iceberg of what's
possible.

Credit:
n3td3v

Personal:
See you next time Google!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/