lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20060419021226.3787.qmail@web53209.mail.yahoo.com>
Date: Tue, 18 Apr 2006 19:12:26 -0700 (PDT)
From: Steven Rakick <stevenrakick@...oo.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: GMail, Google Groups XSS Vulnerability


So what's the deal here? I haven't seen any mention of
this XSS vulnerability anywhere else... but I just
tested it and it worked. 

Isn't this a big deal for Google? It seems to me the
cookies accessible through GMail are pretty important,
not just for GMail but for their other services too.
Or am I missing something? 

On 4/11/06, Darren Bounds <dbounds@...il.com> wrote:
> GMail, Google Groups XSS Vulnerability
> April 11, 2006
> 
> GMail and Google Groups are vulnerable to an cross
site scripting
> (XSS) attack due to their reliance on
Content-Disposition to provide
> separation between the HTML file download and
application scopes. The
> result is the ability for an attacker to send / post
a malicious HTML
> file attachments which,  when read using Internet
Explorer, will
> execute within the scope of the Google application
allowing the theft
> of sensitive user content.
> 
> A PoC is available on Google Groups at the following
URL:
> 
>
http://groups.google.com/group/Content-Disposition/browse_thread/thread/925106682eb32b2b
> 
> This vulnerability is directly related to my posting
earlier this week
> entitled "Microsoft Internet Explorer
Content-Disposition HTML File
> Handling Flaw" which can be found at the following
URL:
> 
>
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044991.html
> 
> Google has been notified.
> 
> 
> --
> 
> Thank you,
> Darren Bounds
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ