Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   i hacked GOOGLE! (http://www.go4expert.com/forums/i-hacked-google-t16999/)

indiansword 21Apr2009 04:42

i hacked GOOGLE!
I gave this title just to get more views to it, i have found another XSS vulnerability in google login pages. Have a look at it before it gets fixed, i have pasted the code below, which you will need to run into your address bar and have fun!


P.S.:- I've already reported it to google, so it'd be fixed soon.

shabbir 21Apr2009 08:23

Re: i hacked GOOGLE!
What will happen when we paste the above code.

indiansword 21Apr2009 09:02

Re: i hacked GOOGLE!
lol, r u dbouting me?

i aint gonna steal nothing, if u still dbout then clear your cookies and then check

it will create another MANUAL box in GMAILS main page, as u see it is NOT some PHISHING SH81, because the address starts with "google.com"

shabbir 21Apr2009 09:37

Re: i hacked GOOGLE!
No. Just wanted to know the output. I know its Google.com domain l0l

SpOonWiZaRd 22Apr2009 00:12

Re: i hacked GOOGLE!
DUDE!! You are the fu**ing master! how did you come about this? great stuff...

indiansword 22Apr2009 00:31

Re: i hacked GOOGLE!
glad atleast someone liked it :P

shabbir 22Apr2009 08:39

Re: i hacked GOOGLE!

Originally Posted by indiansword (Post 46078)
glad atleast someone liked it :P

Even I liked it but I wanted to even know what would be the output as well. Some repu your way

indiansword 22Apr2009 23:52

Re: i hacked GOOGLE!

Originally Posted by shabbir (Post 46097)
Even I liked it but I wanted to even know what would be the output as well. Some repu your way

You're talking about OUTPUT!?

Right now i made another box below the login box just to make you guyz udnerstand. Now, i can just remove that box and make the gmail the way it usually looks, and at the end i can add a script to steal the cookies and that particular script i can use "charcode[]" and hex the script so no one would understand it.

If you remember the XSS worm in orkut albums, ONLY orkut worm stole more than 45,000 ids just in about 5 hours. And this thing is ENTIRE GOOGLE including adsense,orkut,gmail etc. etc.

yea 1 more thing,
this vBulletin reputation system SUCKS!

shabbir 23Apr2009 08:24

Re: i hacked GOOGLE!
Agreed that Google Accounts could be in trouble but I guess they should have fixed it by now but I still see its not.

SpOonWiZaRd 23Apr2009 10:49

Re: i hacked GOOGLE!
I see that indiansword likes XSS alot....

All times are GMT +5.5. The time now is 08:47.