Full Disclosure mailing list archives
Re: GMail, Google Groups XSS Vulnerability
From: "Darren Bounds" <dbounds () gmail com>
Date: Thu, 13 Apr 2006 09:43:06 -0400
Google Groups is now zipping HTML file attachments to force seperation. This can be seen here: http://groups.google.com/group/Content-Disposition/browse_thread/thread/925106682eb32b2b GMail is still vulnerable. On 4/11/06, Darren Bounds <dbounds () gmail com> wrote:
GMail, Google Groups XSS Vulnerability April 11, 2006 GMail and Google Groups are vulnerable to an cross site scripting (XSS) attack due to their reliance on Content-Disposition to provide separation between the HTML file download and application scopes. The result is the ability for an attacker to send / post a malicious HTML file attachments which, when read using Internet Explorer, will execute within the scope of the Google application allowing the theft of sensitive user content. A PoC is available on Google Groups at the following URL: http://groups.google.com/group/Content-Disposition/browse_thread/thread/925106682eb32b2b This vulnerability is directly related to my posting earlier this week entitled "Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw" which can be found at the following URL: http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044991.html Google has been notified. -- Thank you, Darren Bounds
-- Thank you, Darren Bounds _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- GMail, Google Groups XSS Vulnerability Darren Bounds (Apr 11)
- Re: GMail, Google Groups XSS Vulnerability Darren Bounds (Apr 13)
- <Possible follow-ups>
- Re: GMail, Google Groups XSS Vulnerability Steven Rakick (Apr 18)