Re: [Full-disclosure] Google is vulnerable from XSS attack
shut, the, fuck, up, yellow, bus, rider. smooches!

On 12/4/05, n3td3v <[EMAIL PROTECTED]> wrote:
> [drama]
> [idiot in the wild wild]
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Google is vulnerable from XSS attack
> Absolutely, I agree. But in this specific case, it's not all that useful.

Please, for the love of god, do not get him riled up again. Can we all just say "N3td3v, thanks for the info. Wow, it must have been an exhaustive search to find that needle in a haystack. I'm sure Google appreciates your time and effort." Now back away and don't make any sudden movements and maybe, just maybe, FD won't be flooded with the noise we've had to put up with for weeks.

Thanks,
JP
Re: [Full-disclosure] Google is vulnerable from XSS attack
"XSS is 'starting' to get fairly useful."

Absolutely, I agree. But in this specific case, it's not all that useful.
Re: [Full-disclosure] Google is vulnerable from XSS attack
[drama]
[wild imagination]

***Millions of e-mail addresses exposed to hackers***

* Hacker gets access to every group, made easier by his/her worm script (likely a hacker would do this)
* Hacker harvests all e-mail addresses exposed and sells to spammer (likely a hacker would do this)
* Hacker deletes all groups on network, made easier by his/her worm script (unlikely a hacker would do this)

Assuming the hacker still has access to administrative controls for every group, he/she can continue to harvest new e-mail addresses and delete groups with the flaw patched.

How much is an e-mail list of that size worth to spammers? I'm sure a hacker always fancied being a millionaire.

[/wild imagination]
[/drama]

On 12/3/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> XSS is 'starting' to get fairly useful.
Re: [Full-disclosure] Google is vulnerable from XSS attack
> So how about a real world attack scenario for this. This is one of
> the lamest vulns I have ever seen.

Until about a year ago, I'd have to agree with you. A lot of uses for XSS have been researched in the last year, including a few new ways to use it to make it 'useful'. Not only can you do standard cookie hijacking with XSS, but combined with browser flaws XSS 'could' (in certain situations) be used to help portscan and possibly exploit (carry exploit payloads) a backend network behind a firewall (to the user visiting the XSS'd link), as well as gather Basic Auth credentials (or other headers) via XST attacks. Jeremiah Grossman presented at blackhat and showed that it's possible to capture keystrokes from a user that has visited a 'XSS'd' link as well as have bidirectional communication with them. Functionality such as xmlhttp can greatly expand the usefulness of Cross Site Scripting.

The Cross Site Scripting FAQ
http://www.cgisecurity.com/articles/xss-faq.shtml

Cross-Site Tracing (XST) (Official Mirror)
http://www.cgisecurity.com/lib/WH-WhitePaper_XST_ebook.pdf

AJAX (Asynchronous Javascript and XML) Links
http://www.cgisecurity.com/ajax/

Jeremiah's blackhat talk
http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-grossman.pdf

XSS is 'starting' to get fairly useful.

Regards,
- [EMAIL PROTECTED]
http://www.cgisecurity.com/ (Web Security News, and More!)
http://www.cgisecurity.com/index.rss (Web Security News RSS Feed)
Re: [Full-disclosure] Google is vulnerable from XSS attack
The capabilities of an XSS flaw are endless. You know what you're talking about, right? Maybe not. ;-)

On 12/3/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote:
> So how about a real world attack scenario for this. This is one of
> the lamest vulns I have ever seen.
>
> Oh great, more useless XSS vulns. Sigh... perhaps one day you will
> learn to actually come up with something remote and useful...
Re: [Full-disclosure] Google is vulnerable from XSS attack
So how about a real world attack scenario for this. This is one of the lamest vulns I have ever seen.

> > Remarks: This is my second Google disclosure in under a year. That
> > makes two vulnerabilities for Google I have discovered.

Oh great, more useless XSS vulns. Sigh... perhaps one day you will learn to actually come up with something remote and useful...
Re: [Full-disclosure] Google is vulnerable from XSS attack
> Proof of concept:
> http://www.google.com/url?sa=D&q=http://www.google.com?alert(document.cookie)">
>
> Remarks: This is my second Google disclosure in under a year. That makes two vulnerabilities for Google I have discovered.
>
> Credit: n3td3v

wall ... bad... head .. hurt. ouch.
[Full-disclosure] Google is vulnerable from XSS attack
Vendor: Google
Service: Groups
Issue: XSS in pending message page

Description: The http://groups.google.com/group/n3td3v/pendmsg page is vulnerable from cross-site-scripting attack. This allows a malicious user to take the owner or moderator cookie from the user. This can then be used to access a group's administrative controls.

Scenario: If a group is moderating messages before allowing a post, a malicious user can send a message to the vulnerable pendmsg page. If a group is unmoderated, but Google's anti-spam technology suspects a message is from a known spammer or phisher, the message goes to the pendmsg page. A malicious spammer or phisher can send a message to the vulnerable pendmsg page.

Reproduction: Set up a test group and send a carefully crafted script to the pendmsg page.

Proof of concept:
http://www.google.com/url?sa=D&q=http://www.google.com?alert(document.cookie)">

Remarks: This is my second Google disclosure in under a year. That makes two vulnerabilities for Google I have discovered. Can I make it a third? Maybe you can come back next year to find out. ;-)

First disclosure: December 18th 2004
Second disclosure: December 3rd 2005

Credit: n3td3v
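The advisory above is a stored XSS in a moderation queue: attacker-supplied message content is rendered into the moderator's page and runs with the moderator's cookie. As an added example (not code from this thread and not Google's own code), here is how a pending-message renderer escapes each field for its HTML context so such content stays inert; the field names, the sample message and the hasUnexpectedMarkup check are assumptions for illustration.

```javascript
// Added example, not code from the thread or from Google: a server-side
// renderer for a moderation ("pending messages") queue that treats sender,
// subject, link and body as untrusted and HTML-escapes each per context, so a
// stored payload like the advisory's alert(document.cookie) renders as inert
// text in the moderator's browser instead of running with their cookie.

// Escape for HTML text and double-quoted attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Only http(s) URLs may become links; anything else (javascript:, data:,
// unparseable) becomes a harmless '#'.
function safeHref(url) {
  try {
    const u = new URL(String(url));
    if (u.protocol === 'http:' || u.protocol === 'https:') return escapeHtml(u.href);
  } catch (e) { /* not a parseable URL */ }
  return '#';
}

// Render one pending message as a table row for the moderator view.
function renderPendingMessage(msg) {
  return `<tr data-id="${escapeHtml(msg.id)}">` +
    `<td>${escapeHtml(msg.from)}</td>` +
    `<td>${escapeHtml(msg.subject)}</td>` +
    `<td><a href="${safeHref(msg.link)}">link</a></td>` +
    `<td><pre>${escapeHtml(msg.body)}</pre></td></tr>`;
}

// Check: after removing the tags the template itself emits, nothing that could
// open a tag or break out of an attribute may remain in the output.
function hasUnexpectedMarkup(html) {
  return /[<>"]/.test(html.replace(/<\/?(tr|td|a|pre)\b[^>]*>/g, ''));
}

// Constructed sample (hypothetical address; payloads mirror the advisory's PoC).
const SAMPLE = {
  id: 42,
  from: 'mallory@example.invalid',
  subject: '"><script>alert(document.cookie)</script>',
  link: 'javascript:alert(document.cookie)',
  body: '<script>alert(document.cookie)</script> please approve me',
};

console.log(renderPendingMessage(SAMPLE));
console.log('unexpected markup:', hasUnexpectedMarkup(renderPendingMessage(SAMPLE)));
```

Output encoding fixes the flaw itself; marking the owner/moderator session cookie HttpOnly is a separate layer that keeps document.cookie from exposing it even if another injection slips through.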