| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4b6ee9310512022036j71d64dcbk7c79aef077ad8e66@mail.gmail.com> Date: Sat Dec 3 04:38:37 2005 From: xploitable at gmail.com (n3td3v) Subject: Google is vulnerable from XSS attack Vendor: Google Service: Groups Issue: XSS in pending message page Description: The http://groups.google.com/group/n3td3v/pendmsg page is vulnerable from cross-site-scripting attack. This allows a malicious user to take the owner or moderator cookie from the user. This can then be used to access a groups administrative controls. Scenario: If a group is moderating messages before allowing a post, a malicious user can send a message to the vulnerable pendmsg page. If a group is unmoderated, but Google's anti-spam technology suspects a message is from a known spammer or phisher, the message goes to the pendmsg page. A malicious spammer or phisher can send a message to the vulnerable pendmsg page. Reproduction: Setup a test group and send a carefully crafted script to the pendmsg page. Proof of concept: <a class=newlink href="http://www.google.com/url?sa=D&q=http://www.google.com?<script>alert(document.cookie)</script>"> Remarks: This is my second Google disclosure in under a year. That makes two vulnerabilities for Google I have discovered. Can I make it a third? Maybe you can come back next year to find out. ;-) First disclosure: December 18th 2004 Second disclosure: December 3rd 2005 Credit: n3td3v
Powered by blists - more mailing lists