[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Google is vulnerable from XSS attack

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Google is vulnerable from XSS attack
From: n3td3v <xploitable@xxxxxxxxx>
Date: Mon, 5 Dec 2005 02:57:57 +0000

[drama]
[wild imagination]

***Millions of e-mail addresses exposed to hackers***

*Hacker gets access to every group, made easier by his/her worm script
(likely a hacker would do this)
*Hacker harvests all e-mail addresses exposed and sells to spammer
(likely a hacker would do this)
*Hacker deletes all groups on network, made easier by his/her worm
script (unlikely a hacker would do this)

Assuming the hacker still has access to administrative controls for
every group, he/she can conitinue to harvest new e-mail addresses and
delete groups with the flaw patched.

How much is an e-mail list of that size worth to spammers? I'm sure a
hacker always fancied being a millionaire.

[/wild imagination]
[/drama]

On 12/3/05, bugtraq@xxxxxxxxxxxxxxx <bugtraq@xxxxxxxxxxxxxxx> wrote:
> XSS is 'starting' to get fairly useful.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Google is vulnerable from XSS attack
  - From: ghost

References:
- Re: [Full-disclosure] Google is vulnerable from XSS attack
  - From: InfoSecBOFH
- Re: [Full-disclosure] Google is vulnerable from XSS attack
  - From: bugtraq

Prev by Date: [Full-disclosure] IT security professionals in demand in 2006
Next by Date: Re: [Full-disclosure] Google is vulnerable from XSS attack
Previous by thread: Re: [Full-disclosure] Google is vulnerable from XSS attack
Next by thread: Re: [Full-disclosure] Google is vulnerable from XSS attack
Index(es):
- Date
- Thread