Category Archives: XSS

Google Gadgets XSS (IE6/Opera)

Posted on November 25, 2007 by Fernando

There is a recent discussion on ha.ckers.org regarding a possible CSRF that could allow an attacker to inject an evil gadget on someobdy else’s iGoogle page. After checking the format of the xml file used to define the gadgets properties, … Continue reading →

Posted in English, Security, XSS | Tagged google, ie, Security, xml, XSS | 2 Comments

Firefox jar: Protocol Vulnerability

Posted on November 10, 2007 by Fernando

I just came across pdp’s finding jar protocol vulnerability on Mozilla Firefox, I think its a big issue, and the fact that it has been on bugzilla (#369814) for way more than ten fuck*ng days is not a good thing. … Continue reading →

Posted in English, Security, XSS | Tagged firefox, gecko, google, jar, mozilla, Security, XSS | 21 Comments

Google Vulnerability

Posted on September 24, 2007 by Fernando

Yesterday, I found a new Google.com XSS vulnerability that can be abused to steal information from Gmail accounts, I’ve done responsible disclosure of at least 3 vulns to Google, but since I haven’t got enough ‘motivation’, I’ll go full disclosure … Continue reading →

Posted in English, Security, XSS | Tagged google, jar, Security, XSS | 46 Comments

Category Archives: XSS

Google Gadgets XSS (IE6/Opera)

Firefox jar: Protocol Vulnerability

Google Vulnerability

Archives

Meta