Full Disclosure mailing list archives
Google is vulnerable from XSS attack
From: n3td3v <xploitable () gmail com>
Date: Sat, 3 Dec 2005 04:36:47 +0000
Vendor: Google Service: Groups Issue: XSS in pending message page Description: The http://groups.google.com/group/n3td3v/pendmsg page is vulnerable from cross-site-scripting attack. This allows a malicious user to take the owner or moderator cookie from the user. This can then be used to access a groups administrative controls. Scenario: If a group is moderating messages before allowing a post, a malicious user can send a message to the vulnerable pendmsg page. If a group is unmoderated, but Google's anti-spam technology suspects a message is from a known spammer or phisher, the message goes to the pendmsg page. A malicious spammer or phisher can send a message to the vulnerable pendmsg page. Reproduction: Setup a test group and send a carefully crafted script to the pendmsg page. Proof of concept: <a class=newlink href="http://www.google.com/url?sa=D&q=http://www.google.com?<script>alert(document.cookie)</script>"> Remarks: This is my second Google disclosure in under a year. That makes two vulnerabilities for Google I have discovered. Can I make it a third? Maybe you can come back next year to find out. ;-) First disclosure: December 18th 2004 Second disclosure: December 3rd 2005 Credit: n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google is vulnerable from XSS attack n3td3v (Dec 02)
- Re: Google is vulnerable from XSS attack php0t (Dec 02)
- Re: Google is vulnerable from XSS attack InfoSecBOFH (Dec 03)
- Re: Google is vulnerable from XSS attack n3td3v (Dec 03)
- Re: Google is vulnerable from XSS attack bugtraq (Dec 03)
- Re: Google is vulnerable from XSS attack n3td3v (Dec 04)
- Re: Google is vulnerable from XSS attack ghost (Dec 05)
- Re: Google is vulnerable from XSS attack InfoSecBOFH (Dec 04)
- RE: Google is vulnerable from XSS attack Joseph Pierini (Dec 04)
- Re: Google is vulnerable from XSS attack InfoSecBOFH (Dec 03)
- Re: Google is vulnerable from XSS attack php0t (Dec 02)
- RE: Re: Google is vulnerable from XSS attack Joseph Pierini (Dec 05)