[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml
- From: Yigit Turgut <y.turgut@xxxxxxxxx>
- Date: Wed, 26 Jan 2011 15:17:32 +0200
I woudn't like to discourage ppl submitting vulns to vendors but this is the
response you'll most likely to get from those kind of vendors no matter what
you found in their system. I had more than a dozen similar experience like
yours. Now it's public + fixed and you gotta get nothing beside these
replies (:
> Message: 10
> Date: Wed, 26 Jan 2011 01:33:16 -0800
> From: IEhrepus <5up3rh3i@xxxxxxxxx>
> Subject: [Full-disclosure] www.google.com xss vulnerability Using
> mhtml
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Cc: sird@xxxxxxx
> Message-ID:
>
> <AANLkTinF+XiCfVrw86cm-m0uHW_o0xzK1XfHFwTNR1PF@xxxxxxxxxxxxxx<AANLkTinF%2BXiCfVrw86cm-m0uHW_o0xzK1XfHFwTNR1PF@xxxxxxxxxxxxxx>
> >
> Content-Type: text/plain; charset=UTF-8
>
> Long, long time ago, we heard an interesting legend is www.google.com
> will Pay for its vulnerability,so we want to try ...
>
> lucky,A vulnerability has been caught by my friend
> PZ[http://hi.baidu.com/p__z], this vul is base on ?Hacking with mhtml
> protocol handler?[
> http://www.80vul.com/mhtml/Hacking%20with%20mhtml%20protocol%20handler.txt
> ]:
>
> mhtml:http://www.google.com/gwt/n?u=[mhtml file url]!xxxx
>
> we are very happy,so we post it to security@xxxxxxxxxx for the legend
> :)[2011/01/23].We got a reply soon [2011/01/24]:
>
> ---------------------------------------------------
> Hi Pavel,
>
> Nice catch! I?ve filed a bug internally and will keep you in the loop
> as things progress.
>
> Regards,
> xxx- Google Security Team
> --------------------------------------------------
>
> but .....
>
> -------------------------------------------------
> Hi Pavel,
>
> The panel has determined this doesn't qualify for a reward for 2 reasons:
>
> 1) A very close variant was publicly disclosed on 21 Jan:
> http://www.wooyun.org/bugs/wooyun-2010-01199
> 2) Technically, it's not a bug in Google, it's really a big in IE.
>
> Cheers,
> xxx, Google Security Team
> -----------------------------------------------
>
> and Today we test the vul again ,it has been fixed .[2011/01/26]
>
> Thus, we understand the unspoken rules of this, This is a football
> game, the vulnerability is the ball , MS and GG are the players
>
>
> ----by superhei from http://www.80vul.com
>
>
>
>
> hitest
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/