Universal XSS in all Google Services

sla.ckers.org is
ha.ckers sla.cking

Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

Universal XSS in all Google Services

Posted by: Inferno

Date: May 08, 2009 12:19AM

Hi Hackers,

Google just fixed a universal xss that i reported. It was in a python script that was common to most Google services. More information here - http://securethoughts.com/2009/05/universal-xss-vulnerability-in-all-google-services-can-compromise-your-personal-information/

-
Inferno
SecureThoughts.com

Options: Reply•Quote

Re: Universal XSS in all Google Services

Posted by: digi7al64

Date: May 08, 2009 02:17AM

nice work.

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Options: Reply•Quote

Re: Universal XSS in all Google Services

Posted by: Gareth Heyes

Date: May 08, 2009 02:52AM

I deleted the dup from bugs, as this section is more relevant

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: Reply•Quote

Re: Universal XSS in all Google Services

Posted by: Inferno

Date: May 08, 2009 03:03AM

@digi7al64 - thanks for your comments

@Gareth - Thanks a lot. I realised this after i put it in the bug category :) BTW, is there a way to change category after writing a post?

-
Inferno
SecureThoughts.com

Edited 1 time(s). Last edit at 05/08/2009 03:04AM by Inferno.

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login