Message-ID: <3a166c090604241713w24e18d66o7ce1dba20f2cd91b@mail.gmail.com>
Date: Tue Apr 25 01:13:09 2006
From: n3td3v at gmail.com (n3td3v)
Subject: Disappearing Google Adwords Contextual Adverts

Vendor:
Google Inc (GOOG)

Service:
Groups

Description:
Google has an archive of Usenet since 1981 on its network. However,
Google decided to build a new Groups interface known as Google Groups
2 or GG2 for short.
Issue:
This is a test group.

n3td3v broke this group by exploiting the way Google treats "#"s on
the web interface.

Because of this, a lot is possible.
Multiple attack vectors, including, but not limited to:

1) [Obscurity] Obscure "Yes" to delete message functionality. (See screenshot)
This thread cannot be deleted easily by obscuring the "Yes" to delete
option on the message delete page which the owner and moderator of a
group has access to, because the subject header is extra long.
http://groups.google.com/group/n3td3v-security/browse_thread/thread/466f175ae21d9b64/91bbdcdfc4abf8cb?lnk=raot#91bbdcdfc4abf8cb

2) [Fraud] Kill Google Ads - Kill Google ads during your penis
enlargement attack. (See screenshot)
This thread runs data over Adwords contextual ads and gives the ability
to make the ads disappear when using "view message with text"
interface on the group archive (http://groups.google.com/group/n3td3v-security).
http://groups.google.com/group/n3td3v-security/browse_thread/thread/ae84e1149c593ff6/16b4f82db867a7ec#16b4f82db867a7ec

3) [Phishing] Make a topic look busy. Make a new topic go to the
bottom, instead of the top, when using the "view message with text"
interface on the group archive
(http://groups.google.com/group/n3td3v-security), and fake how many
replies a thread has.
http://groups.google.com/group/n3td3v-security/browse_thread/thread/120172140c2fe33a/a4b2c663908b44df?lnk=raot#a4b2c663908b44df

4) [Phishing] More reason to click on a thread. Force a victim to open
a message to see what's inside.
Make a message have no message text when using "view message with text"
interface on the group archive (http://groups.google.com/group/n3td3v-security).
http://groups.google.com/group/n3td3v-security/browse_thread/thread/e1fc3f0cd5f3b6e3

Overview:
With a carefully crafted message, a penis enlargement attack on Google
is possible, if you add each example into one super message.

See screenshots attached as proof.

The real zero-day isn't here.
Because of the way Google treats "#"s, you can hack various Google
services. I guess there's going to be lots of Google vulnerabilities sent
to FD now for its search engine, Gmail, etc. too.

Happy researching, this is just the tip of the iceberg of what's
possible.

Credit:
n3td3v

Personal:
See you next time Google!
