Full Disclosure mailing list archives

Re: Gmail 0day

From: "XSS Worm XSS Security Information Portal" <cross-site-scripting-security () xssworm com>
Date: Sat, 10 Nov 2007 05:24:32 +1100

Yes all XSS is very serious and not for making jokes, if pdp said that
hacker can steal data the CSS on google could be very damgerous
vulnerability

Blackhat SEO XSS
<http://www.xssworm.com:80/?index?blackhat=seo#extreme>hacker example:

http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@!&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@!&q=http://xssworm.com/&seo=blackhat<http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21@%21%21%21@@%21%21%21@%21@%21&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21@%21%21%21@@%21%21%21@%21@%21&q=http://xssworm.com/&seo=blackhat>

Please if you search XSS hacking also visit XSSWORM.COM
here: http://xssworm.com we have updates with blackhat and whitehat video
with XSS hacking tutorial by blackhat[2] Sunjester frome litehackers.info

vaj

-- 
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher - xssworm.com
mailto:vaj () nospam xssworm com
aim: XSS Cross Site
------

[2]
http://xssworm.blogvis.com/9/xssworm/what-is-a-blackhat-hacker-and-where-are-black-hats-hacking/


On Nov 9, 2007 8:36 AM, pdp (architect) <pdp.gnucitizen () googlemail com>
wrote:

well this XSS can lead to so much data being stolen that it is not even
funny!


On Nov 8, 2007 8:55 PM, Juergen Marester <marester.juergen () gmail com >
wrote:

wow ! 0day !
damn, 0day, XSS ...


On 11/8/07, silky <michaelslists () gmail com> wrote:


worked for me minutes after it was posted. seems fixed now.

On 11/9/07, crazy frog crazy frog < i.m.crazy.frog () gmail com> wrote:

i tested xssworm on gmail latest version

On Nov 8, 2007 7:04 AM, Scripter Hack <xss2root () gmail com > wrote:

There is a html injection video in https://www.xssworm.com<https://www.google.com>

It  is very critical,you can get the cookie to login into gmail or

other

service.

POC:

https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=truel#
"><h1><a%20href=//xssworm.com/>xssworm</a></h1>


More:http://xss2root.blogspot.com () xssworm com/<http://xss2root.blogspot.com/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
why advertise on secgeeks?
http://secgeeks.com () xssworm com<http://secgeeks.com/Advertising_on_Secgeeks.com>
http://newskicks.com

_______________________________________________
Full-Disclosure - We believe in xss.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://xssworm./secunia.com/<http://secunia.com/>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
pdp (acronym) | petrol v. petco
http://www.xssworm.com <http://www.gnucitizen.org>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Gmail 0day Scripter Hack (Nov 07)
- Re: Gmail 0day crazy frog crazy frog (Nov 08)
  - Re: Gmail 0day silky (Nov 08)
    - Re: Gmail 0day Juergen Marester (Nov 08)
    - Re: Gmail 0day pdp (architect) (Nov 08)
    - Re: Gmail 0day silky (Nov 08)
    - Re: Gmail 0day pdp (architect) (Nov 08)
    - Re: Gmail 0day silky (Nov 08)
    - Re: Gmail 0day jam (Nov 08)
    - Re: Gmail 0day XSS Worm XSS Security Information Portal (Nov 09)
    - Re: Gmail 0day Adrian P (Nov 09)
- <Possible follow-ups>
- Re: Gmail 0day Juha-Matti Laurio (Nov 08)