Full Disclosure mailing list archives

Re: GMail, Google Groups XSS Vulnerability
From: Steven Rakick <stevenrakick () yahoo com>
Date: Tue, 18 Apr 2006 19:12:26 -0700 (PDT)

So what's the deal here? I haven't seen any mention of
this XSS vulnerability anywhere else... but I just
tested it and it worked. 

Isn't this a big deal for Google? It seems to me the
cookies accessible through GMail are pretty important,
not just for GMail but for their other services too.
Or am I missing something? 

On 4/11/06, Darren Bounds <dbounds () gmail com> wrote:
GMail, Google Groups XSS Vulnerability
April 11, 2006

GMail and Google Groups are vulnerable to a cross-site scripting (XSS) attack due to their reliance on Content-Disposition to provide separation between the HTML file download and application scopes. The result is the ability for an attacker to send / post malicious HTML file attachments which, when read using Internet Explorer, will execute within the scope of the Google application, allowing the theft of sensitive user content.

A PoC is available on Google Groups at the following

This vulnerability is directly related to my posting earlier this week entitled "Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw" which can be found at the following


Google has been notified.


Thank you,
Darren Bounds

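The design flaw the quoted advisory describes, as an added example that is not part of the original post, of Darren Bounds' PoC, or of Google's code: an attachment endpoint on the mail application's own origin that relies on Content-Disposition alone, so a browser that renders the attachment inline (as the advisory says Internet Explorer did) runs its script with the application's cookies. The hardened handler (separate cookieless origin, no document content type, nosniff, CSP sandbox; the last two are later mitigations that did not exist in 2006) and the header check are this example's own; all hostnames, filenames and payloads are constructed.

```python
"""Added example: not code from the original post, from Darren Bounds, or from
Google. It models an attachment endpoint that relies on Content-Disposition
alone (weak) beside one that isolates the download from the application
scope (hardened), plus a check over response headers. All hostnames,
filenames and payloads are constructed."""
from dataclasses import dataclass
from urllib.parse import urlsplit

APP_ORIGIN = "https://mail.example.com"             # hypothetical webmail origin
SANDBOX_ORIGIN = "https://usercontent.example.net"  # hypothetical cookieless origin

# Types a browser will render as a document, and so execute script from.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}


@dataclass
class Response:
    url: str
    headers: dict
    body: bytes


def _safe_name(filename):
    """Keep only characters that cannot break out of a quoted header parameter."""
    safe = "".join(c for c in filename if c.isalnum() or c in "._-")
    return safe or "download"


def serve_attachment_weak(filename, content_type, data):
    """Same origin as the app; only the disposition hint 'separates' the file."""
    name = _safe_name(filename)
    return Response(
        f"{APP_ORIGIN}/attachment/{name}",
        {"Content-Type": content_type,
         "Content-Disposition": f'attachment; filename="{name}"'},
        data,
    )


def serve_attachment_hardened(filename, content_type, data):
    """Isolate the download so inline rendering cannot touch the app's cookies."""
    name = _safe_name(filename)
    ctype = content_type.split(";")[0].strip().lower()
    if ctype in ACTIVE_TYPES:
        # Never label user-supplied content as a document type; make it opaque.
        ctype = "application/octet-stream"
    return Response(
        f"{SANDBOX_ORIGIN}/attachment/{name}",  # separate origin, no app cookies
        {
            "Content-Type": ctype,
            "Content-Disposition": f'attachment; filename="{name}"',
            "X-Content-Type-Options": "nosniff",   # stops type sniffing (IE8 and later)
            "Content-Security-Policy": "sandbox",  # no script, opaque origin if rendered
        },
        data,
    )


def check_attachment_isolation(resp, app_origin=APP_ORIGIN):
    """List the reasons a response could still execute in the application scope.

    An empty list means the file is isolated by more than Content-Disposition.
    """
    findings = []
    hdr = {k.lower(): v for k, v in resp.headers.items()}
    u = urlsplit(resp.url)
    if f"{u.scheme}://{u.netloc}" == app_origin:
        findings.append("served from the application origin")
    ctype = hdr.get("content-type", "").split(";")[0].strip().lower()
    if ctype in ACTIVE_TYPES:
        findings.append(f"active content type {ctype}")
    if not hdr.get("content-disposition", "").lower().startswith("attachment"):
        findings.append("no attachment disposition")
    if hdr.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing nosniff")
    if "sandbox" not in hdr.get("content-security-policy", "").lower():
        findings.append("no CSP sandbox")
    return findings


if __name__ == "__main__":
    # Constructed attachment: any script in it runs in the app origin if rendered inline.
    html = b"<html><body><script>alert(document.domain)</script></body></html>"
    for handler in (serve_attachment_weak, serve_attachment_hardened):
        resp = handler("evil.html", "text/html", html)
        print(handler.__name__, resp.url, check_attachment_isolation(resp) or "isolated")
```

The check deliberately treats the attachment disposition as necessary but not sufficient: the weak response is reported as served from the application origin with an active content type even though its Content-Disposition is correct, which is exactly the gap the advisory points at. Moving user files to an origin that carries no application cookies is the one control that holds even when a browser ignores every header hint.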

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
