On Fri, 17 Dec 2004 21:59:00 +0000, n3td3v <[EMAIL PROTECTED]> wrote: > On Fri, 17 Dec 2004 21:29:24 +0000, n3td3v <[EMAIL PROTECTED]> wrote: > > When I was testing Google Groups Beta > > (http://groups-beta.google.com/group/n3td3v) I found the script tags > > executed on the Google Groups site. This only seems to work while > > clicking on a reply thread, using the reply menu, featured on a given > > groups homepage, when an older thread gets a reply. > > > > If the thread reply you try to open has a script in it, then the > > script executes, instead of taking you to the reply to the thread you > > were attempting to view. > > > > An attacker can send a reply to a thread on Google Groups Beta with a > > carefully crafted script in it, to exploit Google Group Beta users! > > > > This is probably just the tip of the ice berg of something bigger, but > > I thought I better mention it before malicious users started > > exploiting people. > > > > Discovered today by n3td3v. > > > > Thanks, n3td3v. > > > > Proof of concept: > http://groups-beta.google.com/group/n3td3v/browse_thread/thread/2379f18f5986c985 >
Forget my original e-mail... you just need to view any thread from a given Google Groups Beta site and you can be vulnerable. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
