[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Re: GMail, Google Groups XSS Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Re: GMail, Google Groups XSS Vulnerability
- From: "Darren Bounds" <dbounds@xxxxxxxxx>
- Date: Thu, 13 Apr 2006 09:43:06 -0400
Google Groups is now zipping HTML file attachments to force seperation.
This can be seen here:
http://groups.google.com/group/Content-Disposition/browse_thread/thread/925106682eb32b2b
GMail is still vulnerable.
On 4/11/06, Darren Bounds <dbounds@xxxxxxxxx> wrote:
> GMail, Google Groups XSS Vulnerability
> April 11, 2006
>
> GMail and Google Groups are vulnerable to an cross site scripting
> (XSS) attack due to their reliance on Content-Disposition to provide
> separation between the HTML file download and application scopes. The
> result is the ability for an attacker to send / post a malicious HTML
> file attachments which, when read using Internet Explorer, will
> execute within the scope of the Google application allowing the theft
> of sensitive user content.
>
> A PoC is available on Google Groups at the following URL:
>
> http://groups.google.com/group/Content-Disposition/browse_thread/thread/925106682eb32b2b
>
> This vulnerability is directly related to my posting earlier this week
> entitled "Microsoft Internet Explorer Content-Disposition HTML File
> Handling Flaw" which can be found at the following URL:
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044991.html
>
> Google has been notified.
>
>
> --
>
> Thank you,
> Darren Bounds
>
--
Thank you,
Darren Bounds
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/