mailing list archives
Re: GMail, Google Groups XSS Vulnerability
From: "Darren Bounds" <dbounds () gmail com>
Date: Thu, 13 Apr 2006 09:43:06 -0400
Google Groups is now zipping HTML file attachments to force seperation.
This can be seen here:
GMail is still vulnerable.
On 4/11/06, Darren Bounds <dbounds () gmail com> wrote:
GMail, Google Groups XSS Vulnerability
April 11, 2006
GMail and Google Groups are vulnerable to an cross site scripting
(XSS) attack due to their reliance on Content-Disposition to provide
separation between the HTML file download and application scopes. The
result is the ability for an attacker to send / post a malicious HTML
file attachments which, when read using Internet Explorer, will
execute within the scope of the Google application allowing the theft
of sensitive user content.
A PoC is available on Google Groups at the following URL:
This vulnerability is directly related to my posting earlier this week
entitled "Microsoft Internet Explorer Content-Disposition HTML File
Handling Flaw" which can be found at the following URL:
Google has been notified.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/