|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: n3td3v (xploitable
gmail.com)
Date: Thu May 15 2008 - 18:46:43 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
If joebloggsgoogle.com is banned from a Google Group and
xploitablegmail.com is registered with that group,
joebloggsgoogle.com can subscribe to a mailing list such as
Full-Disclosure and start forwarding all messages xploitablegmail.com
sends to that mailing list if xploitablegmail.com is registered to
it, and directly post them to the Google Group joebloggsgoogle.com is
banned from.
This is probably done by the banned joebloggsgoogle.com setting up a
filter on Gmail Settings > Filter > Matches:
from:(xploitablegmail.com)
Do this: Forward to (n3td3vgooglegroups.com).
Severity of this issue is obviously critical and you should switch the
victim's registered (xploitablegmail.com) e-mail address on a Google
Group to "moderate" as a work around, until Google Groups fixes this
vulnerability.
Google Inc. (GOOG) was notified simultaneously as this security
advisory was published to the wild.
http://finance.google.com/finance?q=NASDAQ:GOOG/
http://groups.google.com/
http://google.com/
All the best,
n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]