Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Google is vulnerable from XSS attack

From: n3td3v <xploitable () gmail com>
Date: Mon, 5 Dec 2005 02:57:57 +0000
[drama]
[wild imagination]

***Millions of e-mail addresses exposed to hackers***

*Hacker gets access to every group, made easier by his/her worm script
(likely a hacker would do this)
*Hacker harvests all e-mail addresses exposed and sells to spammer
(likely a hacker would do this)
*Hacker deletes all groups on network, made easier by his/her worm
script (unlikely a hacker would do this)

Assuming the hacker still has access to administrative controls for
every group, he/she can conitinue to harvest new e-mail addresses and
delete groups with the flaw patched.

How much is an e-mail list of that size worth to spammers? I'm sure a
hacker always fancied being a millionaire.

[/wild imagination]
[/drama]

On 12/3/05, bugtraq () cgisecurity net <bugtraq () cgisecurity net> wrote:

XSS is 'starting' to get fairly useful.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: