Re: GMail, Google Groups XSS Vulnerability
From: Steven Rakick <stevenrakick () yahoo com>
Date: Tue, 18 Apr 2006 19:12:26 -0700 (PDT)
So what's the deal here? I haven't seen any mention of this XSS vulnerability anywhere else... but I just tested it and it worked.

Isn't this a big deal for Google? It seems to me the cookies accessible through GMail are pretty important, not just for GMail but for their other services too.

Or am I missing something?

On 4/11/06, Darren Bounds <dbounds () gmail com> wrote:
GMail, Google Groups XSS Vulnerability
April 11, 2006

GMail and Google Groups are vulnerable to an cross (XSS) attack due to their reliance on Content-Disposition to provide separation between the HTML file download and application scopes. The result is the ability for an attacker to send / post a malicious HTML file attachments which, when read using Internet execute within the scope of the Google application allowing the theft of sensitive user content.

A PoC is available on Google Groups at the following

This vulnerability is directly related to my posting earlier this week entitled "Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw" which can be found at the following

Google has been notified.

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
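
An added example (not part of the original thread and not Google's code): a small audit of an attachment-download response that flags the condition the advisory describes, where Content-Disposition is the only thing keeping an HTML attachment out of the application's origin. The host names and sample headers are constructed; the nosniff and CSP sandbox checks are modern hardening assumed here, not something the thread mentions.

```python
from urllib.parse import urlsplit

# Content types a browser may render as active content in the serving origin.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}

def audit_attachment_response(url, headers, app_hosts):
    """Return findings for one attachment-download response.

    url       -- URL the attachment was fetched from
    headers   -- response headers as a dict
    app_hosts -- hosts whose cookies/session user uploads must not reach
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    host = (urlsplit(url).hostname or "").lower()
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    disp = h.get("content-disposition", "").split(";")[0].strip().lower()
    csp = h.get("content-security-policy", "").lower()
    sandboxed = any(d.strip().split(" ")[0] == "sandbox" for d in csp.split(";"))
    on_app_origin = host in {a.lower() for a in app_hosts}

    findings = []
    if disp != "attachment":
        findings.append("no Content-Disposition: attachment")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("no X-Content-Type-Options: nosniff")
    # A renderable (or undeclared) type on the application's own host means the
    # download header alone separates the file from the session cookies.
    if on_app_origin and (ctype in ACTIVE_TYPES or not ctype) and not sandboxed:
        findings.append("active content on application origin guarded only "
                        "by Content-Disposition")
    return findings

# Constructed sample responses (illustrative hosts, not captured traffic).
APP_HOSTS = {"mail.example.test"}
WEAK = ("https://mail.example.test/attachment?id=1",
        {"Content-Type": "text/html",
         "Content-Disposition": 'attachment; filename="report.html"'})
HARDENED = ("https://usercontent.example.test/a/1",
            {"Content-Type": "application/octet-stream",
             "Content-Disposition": 'attachment; filename="report.html"',
             "X-Content-Type-Options": "nosniff"})

if __name__ == "__main__":
    for url, hdrs in (WEAK, HARDENED):
        print(url, audit_attachment_response(url, hdrs, APP_HOSTS) or "ok")
```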