
xploitable at gmail
May 15, 2008, 4:46 PM
Forwarding message vulnerability on Google Groups
If joebloggs[at]google.com is banned from a Google Group and xploitable[at]gmail.com is registered with that group, joebloggs[at]google.com can subscribe to a mailing list such as Full-Disclosure and start forwarding all messages xploitable[at]gmail.com sends to that mailing list if xploitable[at]gmail.com is registered to it, and directly post them to the Google Group joebloggs[at]google.com is banned from.

This is probably done by the banned joebloggs[at]google.com setting up a filter on Gmail:

Settings > Filter > Matches: from:(xploitable[at]gmail.com) Do this: Forward to (n3td3v[at]googlegroups.com).

Severity of this issue is obviously critical and you should switch the victim's registered (xploitable[at]gmail.com) e-mail address on a Google Group to "moderate" as a workaround, until Google Groups fixes this vulnerability.

Google Inc. (GOOG) was notified simultaneously as this security advisory was published to the wild.

http://finance.google.com/finance?q=NASDAQ:GOOG/
http://groups.google.com/
http://google.com/

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
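A moderation-side check for the relay described in the post, added here as an example and not part of the original advisory or of any Google code. It assumes that Gmail stamps auto-forwarded mail with `X-Forwarded-For` / `X-Forwarded-To` headers and that the copy reaching the group still carries them; the ban list, the `review` function and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed ban list, reusing the placeholder address from the post.
BANNED = {"joebloggs@google.com"}

def forwarding_accounts(msg):
    """Collect addresses named in Gmail-style auto-forward headers (assumed present)."""
    found = set()
    for name in ("X-Forwarded-For", "X-Forwarded-To"):
        for value in msg.get_all(name, []):
            # Header values are whitespace-separated bare addresses.
            for token in value.replace(",", " ").split():
                addr = parseaddr(token)[1].lower()
                if "@" in addr:
                    found.add(addr)
    return found

def review(raw, banned=BANNED):
    """Return (decision, addresses) for one raw submission to the group."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].lower()
    if author in banned:
        return ("reject", [author])
    # The From header still shows the allowed member, so the ban is
    # only visible in the forwarding trail.
    hits = sorted(forwarding_accounts(msg) & banned)
    if hits:
        return ("hold", hits)
    return ("accept", [])

# Constructed sample: the member's list post, relayed by the banned account.
FORWARDED = (
    "From: xploitable@gmail.com\n"
    "To: full-disclosure@lists.grok.org.uk\n"
    "X-Forwarded-To: n3td3v@googlegroups.com\n"
    "X-Forwarded-For: joebloggs@google.com n3td3v@googlegroups.com\n"
    "Subject: test\n\nbody\n"
)
# Constructed sample: the same member posting to the group directly.
DIRECT = (
    "From: xploitable@gmail.com\n"
    "To: n3td3v@googlegroups.com\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    print(review(FORWARDED))
    print(review(DIRECT))
```

A message held this way lands in the same moderation queue the post's workaround relies on, without moderating every post from the affected member.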