Full Disclosure mailing list archives
Disappearing Google Adwords Contextual Adverts
From: n3td3v <n3td3v () gmail com>
Date: Tue, 25 Apr 2006 01:13:01 +0100
Vendor: Google Inc (GOOG)

Service: Groups

Description:
Google has an archive of Usenet since 1981 on its network. However, Google decided to build a new Groups interface known as Google Groups 2 or GG2 for short.

Issue:
This is a test group. n3td3v broke this group by exploiting the way Google treats "#"'s on the web interface. Because of this, lots is possible.

Multiple attack vectors, including, but not limited to:

1) [Obscurity] Obscure "Yes" to delete message functionality. (See screenshot)

This thread cannot be deleted easily by obscuring the "Yes" to delete option on the message delete page which the owner and moderator of a group has access to, because the subject header is extra long.

http://groups.google.com/group/n3td3v-security/browse_thread/thread/466f175ae21d9b64/91bbdcdfc4abf8cb?lnk=raot#91bbdcdfc4abf8cb

2) [Fraud] Kill Google Ads - Kill Google ads during your penis enlargement attack. (See screenshot)

This thread runs data over Adwords contextual ads and gives the ability to make the ads disappear when using "view message with text" interface on the group archive (http://groups.google.com/group/n3td3v-security).

http://groups.google.com/group/n3td3v-security/browse_thread/thread/ae84e1149c593ff6/16b4f82db867a7ec#16b4f82db867a7ec

3) [Phishing] Make a topic look busy.

Make a new topic go to the bottom, instead of the top, when using "view message with text" interface on the group archive (http://groups.google.com/group/n3td3v-security), and fake how many replies a thread has.

http://groups.google.com/group/n3td3v-security/browse_thread/thread/120172140c2fe33a/a4b2c663908b44df?lnk=raot#a4b2c663908b44df

4) [Phishing] More reason to click on a thread.

Force a victim to open a message to see what's inside. Make a message have no message text when using "view message with text" interface on the group archive (http://groups.google.com/group/n3td3v-security).
http://groups.google.com/group/n3td3v-security/browse_thread/thread/e1fc3f0cd5f3b6e3

Overview:
With a carefully crafted message, a penis enlargement attack on Google is possible, if you add each example into one super message. See screenshots attached as proof. The real zero-day isn't here. Because of the way Google treats "#"'s, you can hack various Google services. I guess there's going to be lots of Google vulnerabilities sent to FD now for its search engine, gmail etc now too. Happy researching, this is just the tip of the iceberg of what's possible.

Credit: n3td3v

Personal: See you next time Google!