Security researcher Billy (BK) Rios has disclosed details about vulnerability in Google Spreadsheet based to Content-type filtering. Due to the flaw unauthorized access to Gmail etc. on Google.com domain was possible. The vulnerability is fixed now.
Link: http://xs-sniper.com/blog/2008/04/14/google-xss/ |
This is the same vulnerability we reported here over six months go (but we never actually released the details, although we did report it to Google):
http://blogoscoped.com/archive/2007-09-28-n28.html |
This is interesting.
Google probably didn't managed to fix the vulnerability fully in September? |
They didn't even try to fix it in September. I think it's been wide open since then. |