[Full-disclosure] Google is vulnerable from XSS attack
n3td3v
xploitable at gmail.com
Mon Dec 5 02:57:57 GMT 2005
[drama]
[wild imagination]
***Millions of e-mail addresses exposed to hackers***
*Hacker gets access to every group, made easier by his/her worm script
(likely a hacker would do this)
*Hacker harvests all e-mail addresses exposed and sells to spammer
(likely a hacker would do this)
*Hacker deletes all groups on network, made easier by his/her worm
script (unlikely a hacker would do this)
Assuming the hacker still has access to administrative controls for
every group, he/she can conitinue to harvest new e-mail addresses and
delete groups with the flaw patched.
How much is an e-mail list of that size worth to spammers? I'm sure a
hacker always fancied being a millionaire.
[/wild imagination]
[/drama]
On 12/3/05, bugtraq at cgisecurity.net <bugtraq at cgisecurity.net> wrote:
> XSS is 'starting' to get fairly useful.
Full-Disclosure is hosted and sponsored by Secunia.