Full Disclosure mailing list archives
Re: XSS vulnerabilities in Google.com
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Wed, 21 Dec 2005 13:27:03 -0800
I see no "n3td3v" credits here... further, I can't conceive of the fact that you would even know what UTF-7 encoding is. IMO all you have ever done is notice weird behavior when info is pulled into your Google group (like your 1st post about Google Groups about 9 months ago or so) from other sources (or replies).

XSS can be bad or benign depending on if it is persistent in nature or not (if not, it requires a user to click a preformed XSS URL). And yes, persistent XSS can be used to root users if coupled with the latest browser exploit (and any admin behind the site's firewall / corporate infrastructure).

In the future may I suggest the following....

1. find your flaw
2. write an advisory
3. send it to the vendor
4. wait for response
5. wait for patches
6. disclose advisory formally
7. stfu and find your next flaw

cheers,
mw

//=====================>> Security Advisory <<=====================//

---------------------------------------------------------------------
XSS vulnerabilities in Google.com
---------------------------------------------------------------------

--[ Author: Yair Amit, Watchfire Corporation http://www.watchfire.com
--[ Discovery Date: 15/11/2005
--[ Initial Vendor Response: 15/11/2005
--[ Issue solved: 01/12/2005
--[ Website: www.google.com
--[ Severity: High