Today I found out an important security loop hole in Google groups which is related to posting of messages I am a owner of a small Proxy Google group with 1000 members and only I had the right to post and moderate messages.Today a noticed a couple of management tasks pending(Pending messages) in my Group,even though I have not given posting permissions to anybody… After that I reviewed the messages which were spam sent through anonymailer.net Google groups has a posting defect which allows any non-moderator and non google account holder to post messages directly by using the Group owners email address… To check this I also sent out a mail to my proxy group using a php script by using my mail address (Group owner mail address) To check for yourself go to http://www.anonymailer.net/ Example: http://groups.google.com/group/unblocktheblocked ( I am taking this proxy group as example) From address :xxxxxxxxxxxxx@gmail.com (Owner address) To address :xxxxxxxx@googlegroups.com subject: New asdpasdpaspdasd (Any thing) Message: asdasdasdasdas(Any thing) Sender :unblocker(some name) then submit it and after few minutes you will notice a new post http://groups.google.com/group/xxxxxxxx Thus it Google groups allows even a non google account holder to post meesages I have also written in detail about this on my blog using a live example This security loop holes http://www.ramanean.com/google-groups-posting-security-loop-hole/ This security loop hole holds good for restriced and moderated groups where the only thing is owner will be reviewing your messages I also tested this using a php script
hey anonymailer.net is my website. Sorry for that dude. I guess my site works best for spammers btw your blog link has trojan