Google Buzz xss
Results 1 to 4 of 4

Thread: Google Buzz xss

Threaded View

  1. #1
    HYBR|D
    Guest

    Smile Google Buzz xss

    Just thought i'd mention that Google Buzz thing had a xss flaw.

    Here is the string for the flaw.

    https://m.google.com/app/buzz#~buzz:...w=search&bmb=1
    you will need to "spoof" your user agent string to get it working.

    Theres also a fresh write up over at ha.ckers.org



    There’s four things of note here. Firstly it’s on Google’s domain, not some other domain like Google Gadgets or something. So yes, it’s bad for phishing and for cookies. Secondly, it’s over SSL/TLS (so no one should be able to see what’s going on, right?). Third, it could be used to hijack Google Buzz - as if anyone is using that product (or at least you shouldn’t be). And lastly isn’t it ironic that Google is asking to know where I am on the very same page that’s being compromised? Why on earth does Google think its systems are secure enough to trust them with that kind of sensitive information? Yes, bad guys can figure out where you’re located if you allow that function. Chinese dissidents beware! But if you have something to hide, you must be a bad guy, right, Eric?
    & here's the Original thread over at DG

    I figured that since were on a Security site i may as well start a thread and get some sort of dicussion happening about this.
    Last edited by HYBR|D; February 17th, 2010 at 02:59 PM. Reason: Yeah the hole "Should" be patched by now ;)

Similar Threads

  1. Google vs eBay
    By Egaladeist in forum General Computer Discussions
    Replies: 1
    Last Post: October 28th, 2005, 04:49 AM
  2. Befriending Google
    By ch4r in forum Other Tutorials Forum
    Replies: 2
    Last Post: January 21st, 2005, 01:53 PM
  3. Google as a Hacking Tool
    By 3rr0r in forum The Security Tutorials Forum
    Replies: 26
    Last Post: December 1st, 2004, 05:31 AM
  4. Google is watching you...
    By MrLinus in forum Web Security
    Replies: 13
    Last Post: August 7th, 2004, 04:13 PM
  5. Article about our loved Google...
    By -DaRK-RaiDeR- in forum AntiOnline's General Chit Chat
    Replies: 0
    Last Post: December 22nd, 2002, 06:21 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides