GMail and Google Groups are vulnerable to an cross site scripting (XSS) attack due to their reliance on Content-Disposition to provide separation between the HTML file download and application scopes.
36c3caf867d3ffaeb99e710551c40b989b1ec886d122466cd3668d577cdf5d67GMail, Google Groups XSS Vulnerability
April 11, 2006
GMail and Google Groups are vulnerable to an cross site scripting
(XSS) attack due to their reliance on Content-Disposition to provide
separation between the HTML file download and application scopes. The
result is the ability for an attacker to send / post a malicious HTML
file attachments which, when read using Internet Explorer, will
execute within the scope of the Google application allowing the theft
of sensitive user content.
A PoC is available on Google Groups at the following URL:
http://groups.google.com/group/Content-Disposition/browse_thread/thread/925106682eb32b2b
This vulnerability is directly related to my posting earlier this week
entitled "Microsoft Internet Explorer Content-Disposition HTML File
Handling Flaw" which can be found at the following URL:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044991.html
Google has been notified.
--
Thank you,
Darren Bounds
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed