So what's the deal here? I haven't seen any mention of this XSS vulnerability anywhere else... but I just tested it and it worked.
Isn't this a big deal for Google? It seems to me the cookies accessible through GMail are pretty important, not just for GMail but for their other services too. Or am I missing something? On 4/11/06, Darren Bounds <[EMAIL PROTECTED]> wrote: > GMail, Google Groups XSS Vulnerability > April 11, 2006 > > GMail and Google Groups are vulnerable to an cross site scripting > (XSS) attack due to their reliance on Content-Disposition to provide > separation between the HTML file download and application scopes. The > result is the ability for an attacker to send / post a malicious HTML > file attachments which, when read using Internet Explorer, will > execute within the scope of the Google application allowing the theft > of sensitive user content. > > A PoC is available on Google Groups at the following URL: > > http://groups.google.com/group/Content-Disposition/browse_thread/thread/925106682eb32b2b > > This vulnerability is directly related to my posting earlier this week > entitled "Microsoft Internet Explorer Content-Disposition HTML File > Handling Flaw" which can be found at the following URL: > > http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044991.html > > Google has been notified. > > > -- > > Thank you, > Darren Bounds > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
