Sep 24th

Gmail XSS exploit


I was pretty disturbed when my colleague sent me this link just for fun. Guess what, it wasn’t fun at all :O . To see what I’m talking about you have to be logged in to your Gmail account while viewing this page.

According to Fernando from beford.org, this is the 4th vulnerability he has found so far in Google services, and because it affects a huge number of users he decided to publish it. This exploit can be used to attack Search, Blogspot, Groups and Gmail.

The last couple of days were particularly interesting, as different users reported various holes and vulnerabilities in Google services; some of the published ones can be found on Hackademix.net.

I must say that this isn’t something I was expecting to see from Google. I’m using a Gmail account as my primary email, and after this I’m seriously considering not using it anymore. Also, all of you who share the same opinion as me should check out NoScript for anti-XSS protection.

2 Responses to “Gmail XSS exploit”

  1. Joel via TheTreichels.com says:

    I’m not sure what the link does, as it doesn’t do it for me. I am using Vista/Firefox/Gmail. Nothing on my end wrong.

  2. Milos says:

    Hi Joel,

    Google has fixed this issue. However, the email forwarding vulnerability issue is still open.

