Full Disclosure: Re: XSS vulnerabilities in Google.com

From: Mohit Muthanna <mohit.muthanna_at_gmail.com>
Date: Wed, 21 Dec 2005 09:02:08 -0500

On 12/21/05, GroundZero Security <fd_at_g-0.org> wrote:
>
> are we starting to post vulnerabilities in specific websites now rather than
> daemons/clients etc. ?

When it's a website with a user-base as large as what Google has, yes.

When there is a possibility that user accounts can be compromised, yes.

> I mean there are thousands of websites which are vulnerable to XSS, SQL
> injection or worse because of their custom scripts.

Sure, but "google != howardsblog.com". A large part of the population
(including myself) relies on Google's various services for day-to-day
use. I sure as hell would not feel comfortable knowing that I'm using
a service that can potentially leak my information.

If there is a vulnerability, no matter how trivial, the public needs to know.

> In my opinion this should be posted to the website owners if
> you feel like, but it's of no real use to the security community.

That's quite a blanket statement to make. I'm sure a few people in the
"security community" would like to know that there exists a
vulnerability in a Google service.

> Hm, another thing I'm wondering about is, is it
> legal to just audit a website without
> asking the owner if it's ok?

No. But a site need not be audited to discover a bug.

> How will he know it's not a real attack? OK, as
> for XSS there can't be much harm done
> to the server itself,

XSS can do a lot of harm. A compromised administrator account is
generally a compromised server. There are some good XSS resources on
the web you can read up on.

The bug that was discovered by the parent poster may not lead to a
server compromise; but that is no reason to discount or underestimate
XSS.

> but what if, for example, you cause a DoS through
> testing certain variables for overflows ?

Then, my friend, you have discovered a bug.

Mohit.

--
Mohit Muthanna [mohit (at) muthanna (uhuh) com]
"There are 10 types of people. Those who understand binary, and those
who don't."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Dec 21 2005