Re: [Full-disclosure] Gmail 0day



Yes, all XSS is very serious and not for making jokes; if pdp said that a
hacker can steal data, the CSS on Google could be a very dangerous
vulnerability.

Blackhat SEO XSS
<http://www.xssworm.com:80/?index?blackhat=seo#extreme>hacker example:

http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@!&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@!&q=http://xssworm.com/&seo=blackhat

Please, if you search for XSS hacking, also visit XSSWORM.COM
here: http://xssworm.com. We have updates with blackhat and whitehat videos,
with an XSS hacking tutorial by blackhat[2] Sunjester from litehackers.info.

vaj

--
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher - xssworm.com
mailto:vaj@xxxxxxxxxxxxxxxxxx
aim: XSS Cross Site
------

[2]
http://xssworm.blogvis.com/9/xssworm/what-is-a-blackhat-hacker-and-where-are-black-hats-hacking/


On Nov 9, 2007 8:36 AM, pdp (architect) <pdp.gnucitizen@xxxxxxxxxxxxxx>
wrote:

well this XSS can lead to so much data being stolen that it is not even
funny!


On Nov 8, 2007 8:55 PM, Juergen Marester <marester.juergen@xxxxxxxxx>
wrote:

wow ! 0day !
damn, 0day, XSS ...


On 11/8/07, silky <michaelslists@xxxxxxxxx> wrote:

worked for me minutes after it was posted. seems fixed now.

On 11/9/07, crazy frog crazy frog <i.m.crazy.frog@xxxxxxxxx> wrote:
i tested xssworm on gmail latest version

On Nov 8, 2007 7:04 AM, Scripter Hack <xss2root@xxxxxxxxx> wrote:
There is an HTML injection video in https://www.xssworm.com<https://www.google.com>.
It is very critical; you can get the cookie to log in to Gmail or another
service.

POC:

https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=truel#
"><h1><a%20href=//xssworm.com/>xssworm</a></h1>

More: http://xss2root.blogspot.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
why advertise on secgeeks?
http://secgeeks.com@xxxxxxxxxxx<http://secgeeks.com/Advertising_on_Secgeeks.com>
http://newskicks.com








--
pdp (acronym) | petrol v. petco
http://www.xssworm.com <http://www.gnucitizen.org>

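The PoC quoted in the thread (a `"><h1>...` fragment carried in the ServiceLogin `continue` parameter) is the classic shape of a reflected value written into an HTML attribute without encoding: the `"` closes the attribute, the `>` closes the tag, and whatever follows is parsed as markup. The following is an added example, not code from the thread, from Google, or from any poster; the template, the `ALLOWED_HOSTS` set and the helper names are assumptions. It shows the vulnerable "before" form beside two independent defences: attribute-context output encoding, and allow-listing the `continue` value to same-origin paths before it is used at all.

```python
"""Defensive handling of a reflected 'continue' parameter (added example).

Assumptions: the login page echoes 'continue' into a hidden input's value
attribute; 'ALLOWED_HOSTS' stands in for whatever origins a real deployment
would permit. Neither is taken from the thread or from Google.
"""
import html
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the query string from the thread's PoC, minus the
# injected fragment, which is kept separately as PAYLOAD.
POC_QUERY = (
    "service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F"
    "%3Fui%3Dhtml&ltmpl=default&passive=true"
)
PAYLOAD = '"><h1><a href=//xssworm.com/>xssworm</a></h1>'

# Hypothetical allow-list of hosts a post-login redirect may target.
ALLOWED_HOSTS = {"mail.google.com", "www.google.com"}


def parse_continue(query: str) -> Optional[str]:
    """Extract the first 'continue' value from a raw query string.
    parse_qs percent-decodes values, so nested encodings are resolved here."""
    values = parse_qs(query).get("continue")
    return values[0] if values else None


def render_vulnerable(continue_value: str) -> str:
    """'Before' form: raw interpolation into an attribute. A value containing
    '">' ends the attribute and the tag, and the rest is live markup."""
    return f'<input type="hidden" name="continue" value="{continue_value}">'


def render_safe(continue_value: str) -> str:
    """'After' form: attribute-context encoding. html.escape turns '"' into
    &quot; and '<' into &lt;, so the value can neither close the attribute
    nor open a tag, whatever it contains."""
    encoded = html.escape(continue_value, quote=True)
    return f'<input type="hidden" name="continue" value="{encoded}">'


def validate_continue(value: str) -> Optional[str]:
    """Allow-list the redirect target before it reaches any template.

    Accepts an absolute path on this origin, or an http(s) URL whose host is
    allow-listed. Rejects scheme-relative '//host' forms (which urlsplit
    reports with an empty scheme but a non-empty netloc), any other host,
    and any value carrying markup characters. Returns None on rejection so
    the caller falls back to a fixed default.
    """
    if any(c in value for c in "<>\"'"):
        return None
    parts = urlsplit(value)
    same_origin_path = (
        parts.scheme == ""
        and parts.netloc == ""
        and value.startswith("/")
        and not value.startswith("//")
    )
    if same_origin_path:
        return value
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return value
    return None


def handle_login_page(query: str, default: str = "/mail/") -> str:
    """Put the two defences together: validate first, encode on output."""
    target = validate_continue(parse_continue(query) or "") or default
    return render_safe(target)


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))  # injected <h1> survives
    print(render_safe(PAYLOAD))        # rendered as inert text
    print(handle_login_page(POC_QUERY))
    print(handle_login_page("continue=//xssworm.com/"))  # falls back to /mail/
```

The two layers are deliberately independent: encoding alone stops the markup injection shown in the thread even if validation is bypassed, and validation alone stops the value from pointing at a foreign host (the open-redirect half of the same parameter) even if some template forgets to encode. Neither layer depends on recognising the specific payload.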
