| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <00f001c769dc$793422d0$030ba8c0@redmond.corp.microsoft.com> Date: Sun, 18 Mar 2007 21:10:01 -0700 From: <chris@...tsrightrecords.com> To: "'beNi'" <backebackekuchen@...il.com>, <websecurity@...appsec.org>, "'RSnake'" <h@...rs.org>, <full-disclosure@...ts.grok.org.uk> Subject: Re: [WEB SECURITY] GMail Contact Information Disclosure PoC Nice find. There's a common problem when an organization gets so large that the right hand doesn't talk to the left. I'm not sure what the AuthToken would be useful for, I don't see it anywhere in my authenticated request (e.g. not in the cookie or any other data). The XSS is more nasty than the XML data though, because from what I can tell a login to gmail sets a cookie for .google.com, allowing you to use your same XSS to get the contact list from a one-click (or XSRF) attack to the gmail call which returns the same contact list. Both are nasty because they're serving up that data over non-SSL channels. -----Original Message----- From: beNi [mailto:backebackekuchen@...il.com] Sent: Wednesday, March 14, 2007 11:57 AM To: websecurity@...appsec.org; RSnake; full-disclosure@...ts.grok.org.uk Subject: [WEB SECURITY] GMail Contact Information Disclosure PoC This is my GMail Contact information Disclosure Proof Of Concept Exploit, allowing you to read the Email addresses of all contacts of the currently logged in Google user. http://mybeni.rootzilla.de/mybeNi/2007/gmail_information_disclosure/ (It also Allows you to check if someone is currently logged into Google Services + Serves you the Authentication Token) have fun and cheers, benjamin -- benjamin "beNi" flesch mybeNi.tk websecurity - http://mybeNi.rootzilla.de/mybeNi/ (coolest guy in da hood) ---------------------------------------------------------------------------- Join us on IRC: irc.freenode.net #webappsec Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/ Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists