[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Gmail 0day



Yes all XSS is very serious and not for making jokes, if pdp said that
hacker can steal data the CSS on google could be very damgerous
vulnerability

Blackhat SEO XSS
<http://www.xssworm.com:80/?index?blackhat=seo#extreme>hacker example:

http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@!&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@!&q=http://xssworm.com/&seo=blackhat<http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21@%21%21%21@@%21%21%21@%21@%21&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21@%21%21%21@@%21%21%21@%21@%21&q=http://xssworm.com/&seo=blackhat>

Please if you search XSS hacking also visit XSSWORM.COM
here: http://xssworm.com we have updates with blackhat and whitehat video
with XSS hacking tutorial by blackhat[2] Sunjester frome litehackers.info

vaj

-- 
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher - xssworm.com
mailto:vaj@xxxxxxxxxxxxxxxxxx
aim: XSS Cross Site
------

[2]
http://xssworm.blogvis.com/9/xssworm/what-is-a-blackhat-hacker-and-where-are-black-hats-hacking/


On Nov 9, 2007 8:36 AM, pdp (architect) <pdp.gnucitizen@xxxxxxxxxxxxxx>
wrote:

> well this XSS can lead to so much data being stolen that it is not even
> funny!
>
>
> On Nov 8, 2007 8:55 PM, Juergen Marester <marester.juergen@xxxxxxxxx >
> wrote:
>
> > wow ! 0day !
> > damn, 0day, XSS ...
> >
> >
> > On 11/8/07, silky <michaelslists@xxxxxxxxx> wrote:
> > >
> > > worked for me minutes after it was posted. seems fixed now.
> > >
> > > On 11/9/07, crazy frog crazy frog < i.m.crazy.frog@xxxxxxxxx> wrote:
> > > > i tested xssworm on gmail latest version
> > > >
> > > > On Nov 8, 2007 7:04 AM, Scripter Hack <xss2root@xxxxxxxxx > wrote:
> > > > > There is a html injection video in 
> > > > > https://www.xssworm.com<https://www.google.com>
> > > .
> > > > > It  is very critical,you can get the cookie to login into gmail or
> > > other
> > > > > service.
> > > > >
> > > > > POC:
> > > > >
> > > https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=truel#
> > > "><h1><a%20href=//xssworm.com/>xssworm</a></h1>
> > > > >
> > > > > More:http://xss2root.blogspot.com@xxxxxxxxxxx/<http://xss2root.blogspot.com/>
> > > > > _______________________________________________
> > > > > Full-Disclosure - We believe in it.
> > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > why advertise on secgeeks?
> > > > http://secgeeks.com@xxxxxxxxxxx<http://secgeeks.com/Advertising_on_Secgeeks.com>
> > > > http://newskicks.com
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in xss.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - 
> > > > http://xssworm./secunia.com/<http://secunia.com/>
> > > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> pdp (acronym) | petrol v. petco
> http://www.xssworm.com <http://www.gnucitizen.org>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/