On Fri, 17 Dec 2004 21:29:24 +0000, n3td3v <[EMAIL PROTECTED]> wrote: > When I was testing Google Groups Beta > (http://groups-beta.google.com/group/n3td3v) I found the script tags > executed on the Google Groups site. This only seems to work while > clicking on a reply thread, using the reply menu, featured on a given > groups homepage, when an older thread gets a reply. > > If the thread reply you try to open has a script in it, then the > script executes, instead of taking you to the reply to the thread you > were attempting to view. > > An attacker can send a reply to a thread on Google Groups Beta with a > carefully crafted script in it, to exploit Google Group Beta users! > > This is probably just the tip of the ice berg of something bigger, but > I thought I better mention it before malicious users started > exploiting people. > > Discovered today by n3td3v. > > Thanks, n3td3v. >
Proof of concept: http://groups-beta.google.com/group/n3td3v/browse_thread/thread/2379f18f5986c985 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
