[Full-disclosure] www.google.com xss vulnerability Using mhtml
Yigit Turgut
y.turgut at gmail.com
Wed Jan 26 13:17:32 GMT 2011
I woudn't like to discourage ppl submitting vulns to vendors but this is the
response you'll most likely to get from those kind of vendors no matter what
you found in their system. I had more than a dozen similar experience like
yours. Now it's public + fixed and you gotta get nothing beside these
replies (:
> Message: 10
> Date: Wed, 26 Jan 2011 01:33:16 -0800
> From: IEhrepus <5up3rh3i at gmail.com>
> Subject: [Full-disclosure] www.google.com xss vulnerability Using
> mhtml
> To: full-disclosure at lists.grok.org.uk
> Cc: sird at rckc.at
> Message-ID:
> <AANLkTinF+XiCfVrw86cm-m0uHW_o0xzK1XfHFwTNR1PF at mail.gmail.com<AANLkTinF%2BXiCfVrw86cm-m0uHW_o0xzK1XfHFwTNR1PF at mail.gmail.com>
> >
> Content-Type: text/plain; charset=UTF-8
>
> Long, long time ago, we heard an interesting legend is www.google.com
> will Pay for its vulnerability,so we want to try ...
>
> lucky,A vulnerability has been caught by my friend
> PZ[http://hi.baidu.com/p__z], this vul is base on ?Hacking with mhtml
> protocol handler?[
> http://www.80vul.com/mhtml/Hacking%20with%20mhtml%20protocol%20handler.txt
> ]:
>
> mhtml:http://www.google.com/gwt/n?u=[mhtml file url]!xxxx
>
> we are very happy,so we post it to security at google.com for the legend
> :)[2011/01/23].We got a reply soon [2011/01/24]:
>
> ---------------------------------------------------
> Hi Pavel,
>
> Nice catch! I?ve filed a bug internally and will keep you in the loop
> as things progress.
>
> Regards,
> xxx- Google Security Team
> --------------------------------------------------
>
> but .....
>
> -------------------------------------------------
> Hi Pavel,
>
> The panel has determined this doesn't qualify for a reward for 2 reasons:
>
> 1) A very close variant was publicly disclosed on 21 Jan:
> http://www.wooyun.org/bugs/wooyun-2010-01199
> 2) Technically, it's not a bug in Google, it's really a big in IE.
>
> Cheers,
> xxx, Google Security Team
> -----------------------------------------------
>
> and Today we test the vul again ,it has been fixed .[2011/01/26]
>
> Thus, we understand the unspoken rules of this, This is a football
> game, the vulnerability is the ball , MS and GG are the players
>
>
> ----by superhei from http://www.80vul.com
>
>
>
>
> hitest
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20110126/ec68e402/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.