| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Dec 2004 22:16:13 +0000 From: n3td3v <xploitable@...il.com> To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: Re: Script Injection in Google Groups Beta On Fri, 17 Dec 2004 21:59:00 +0000, n3td3v <xploitable@...il.com> wrote: > On Fri, 17 Dec 2004 21:29:24 +0000, n3td3v <xploitable@...il.com> wrote: > > When I was testing Google Groups Beta > > (http://groups-beta.google.com/group/n3td3v) I found the script tags > > executed on the Google Groups site. This only seems to work while > > clicking on a reply thread, using the reply menu, featured on a given > > groups homepage, when an older thread gets a reply. > > > > If the thread reply you try to open has a script in it, then the > > script executes, instead of taking you to the reply to the thread you > > were attempting to view. > > > > An attacker can send a reply to a thread on Google Groups Beta with a > > carefully crafted script in it, to exploit Google Group Beta users! > > > > This is probably just the tip of the ice berg of something bigger, but > > I thought I better mention it before malicious users started > > exploiting people. > > > > Discovered today by n3td3v. > > > > Thanks, n3td3v. > > > > Proof of concept: > http://groups-beta.google.com/group/n3td3v/browse_thread/thread/2379f18f5986c985 > Forget my original e-mail... you just need to view any thread from a given Google Groups Beta site and you can be vulnerable. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists