Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Gmail 0day
From: "XSS Worm XSS Security Information Portal" <cross-site-scripting-security () xssworm com>
Date: Sat, 10 Nov 2007 05:24:32 +1100

Yes all XSS is very serious and not for making jokes, if pdp said that
hacker can steal data the CSS on google could be very damgerous
vulnerability

Blackhat SEO XSS
<http://www.xssworm.com:80/?index?blackhat=seo#extreme>hacker example:

http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!! 
() !!!@@!!! () !@!&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!! 
() !!!@@!!! () 
!@!&q=http://xssworm.com/&seo=blackhat<http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21
 () %21%21%21@@%21%21%21 () 
%21@%21&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21 () 
%21%21%21@@%21%21%21 () %21@%21&q=http://xssworm.com/&seo=blackhat>

Please if you search XSS hacking also visit XSSWORM.COM
here: http://xssworm.com we have updates with blackhat and whitehat video
with XSS hacking tutorial by blackhat[2] Sunjester frome litehackers.info

vaj

-- 
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher - xssworm.com
mailto:vaj () nospam xssworm com
aim: XSS Cross Site
------

[2]
http://xssworm.blogvis.com/9/xssworm/what-is-a-blackhat-hacker-and-where-are-black-hats-hacking/


On Nov 9, 2007 8:36 AM, pdp (architect) <pdp.gnucitizen () googlemail com>
wrote:

well this XSS can lead to so much data being stolen that it is not even
funny!


On Nov 8, 2007 8:55 PM, Juergen Marester <marester.juergen () gmail com >
wrote:

wow ! 0day !
damn, 0day, XSS ...


On 11/8/07, silky <michaelslists () gmail com> wrote:

worked for me minutes after it was posted. seems fixed now.

On 11/9/07, crazy frog crazy frog < i.m.crazy.frog () gmail com> wrote:
i tested xssworm on gmail latest version

On Nov 8, 2007 7:04 AM, Scripter Hack <xss2root () gmail com > wrote:
There is a html injection video in https://www.xssworm.com<https://www.google.com>
.
It  is very critical,you can get the cookie to login into gmail or
other
service.

POC:

https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=truel#
"><h1><a%20href=//xssworm.com/>xssworm</a></h1>

More:http://xss2root.blogspot.com () xssworm com/<http://xss2root.blogspot.com/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
why advertise on secgeeks?
http://secgeeks.com () xssworm com<http://secgeeks.com/Advertising_on_Secgeeks.com>
http://newskicks.com

_______________________________________________
Full-Disclosure - We believe in xss.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://xssworm./secunia.com/<http://secunia.com/>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
pdp (acronym) | petrol v. petco
http://www.xssworm.com <http://www.gnucitizen.org>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]