Saturday, November 30, 2013

XSS - Google Groups (groups.google.com) - Vulnerability Reward Program

Hi! I just want to share my finding: I have found a Reflected XSS vulnerability in Google Groups, with no user interaction. Enjoy ;-)


About

Title: Reflected XSS in Google Groups
Business Risk: High
Discovery Date: October/November
Payload: <href="url" onmouseover=alert(1)>
Author: Manuel Sousa (me)

Steps to Reproduce


This bug requires 2 accounts.

1. Log in to Google Groups with Account 1.
2. Create a group.
3. Publish in the group and upload a .swf file with a payload written in the file. (Download here!)
4. Now click on "see".


5. Now you will see an XSS in the “sandbox” domain (No problem ;))

Now we have a link to access the .swf file (https://groups.google.com/group/xsstesttmanuelsousa/attach/a9f1c6bf1187cde9/xss.swf?part=4&authuser=0&view=1)


6. Log out of Google Services with Account 1.

7. Log in to Google Services with Account 2.
8. Now access the file created before with Account 1.
9. Now we will see a forbidden page (the file is restricted).
10. Inject the code (<href="url" onmouseover=alert(1)>SOMETEXTHERE)
11. Injected link: https://groups.google.com/group/xsstesttmanuelsousa/attach/a9f1c6bf1187cde9/XSSbyMS%3Chref=%22url%22%20onmouseover=alert%281%29%3E
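
Steps 9 to 11 come down to the attachment name in the URL path ending up in the forbidden page without output encoding. The Python sketch below is an added example, not code from this post or from Google: it contrasts a hypothetical error-page renderer that concatenates the decoded name into HTML with one that HTML-encodes it. The function names and the page wording are assumptions; the URL is the injected link from step 11.

```python
import html
from urllib.parse import unquote, urlsplit

# Injected link from step 11 of the write-up.
INJECTED_URL = (
    "https://groups.google.com/group/xsstesttmanuelsousa/attach/"
    "a9f1c6bf1187cde9/XSSbyMS%3Chref=%22url%22%20onmouseover=alert%281%29%3E"
)


def attachment_name(url: str) -> str:
    """Return the percent-decoded last path segment (the attachment name)."""
    return unquote(urlsplit(url).path.rsplit("/", 1)[-1])


def forbidden_page_unsafe(url: str) -> str:
    """Hypothetical 'before': decoded name concatenated straight into HTML."""
    return "<p>You do not have permission to view " + attachment_name(url) + "</p>"


def forbidden_page_safe(url: str) -> str:
    """Hypothetical 'after': name is HTML-encoded for a text context."""
    name = html.escape(attachment_name(url), quote=True)
    return "<p>You do not have permission to view " + name + "</p>"


def reflects_markup(render, url: str) -> bool:
    """Regression check: does the rendered page contain the raw, unescaped name?"""
    name = attachment_name(url)
    return "<" in name and name in render(url)


if __name__ == "__main__":
    for render in (forbidden_page_unsafe, forbidden_page_safe):
        print(render.__name__, "reflects raw markup:", reflects_markup(render, INJECTED_URL))
        print("  ", render(INJECTED_URL))
```

The same `reflects_markup` check can be pointed at any error-page renderer as a regression test once the encoding fix is in place.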






Disclosure Timeline

October 24, 2013 at 11:00 PM (WET Time): Vulnerability Discovered
October 25, 2013 at 00:05 AM (WET Time): Initial Report
October 25, 2013 at 00:05 AM (WET Time): Autoresponse from Security bot
October 25, 2013 at 8:22 PM (WET Time): First response from Security Team
November 5, 2013 at 22:46 AM (WET Time): Bounty Rewarded.
November 7, 2013: Vulnerability Fixed
You can see my name in the Hall of Fame, and I promise I'll be there more often ;). (http://www.google.com/about/appsecurity/hall-of-fame/reward/)




Sorry about my English :3
4 comments:

  1. can give me google security team email add
