Google Blogoscoped

Forum

Gmail Cross-site Scripting Vulnerability  (View post)

Robert [PersonRank 0]

Monday, January 1, 2007
15 years ago4,532 views

Use POP
Use Gmail in HTML mode http://mail.google.com/mail/?ui=html (look for "Basic Html" on the gmail web page.) I think this is also the default mode when javascript is disabled

Ioannus de Verani [PersonRank 1]

15 years ago #

Hey, that has been fixed already (http://www.theregister.co.uk/2004/11/01/gmail_bug_fixed/).

Dmitri [PersonRank 1]

15 years ago #

This is the day I started using NoScript.

TOMHTML [PersonRank 10]

15 years ago #

"Hey, that has been fixed already"
AH AH AH

Haochi [PersonRank 10]

15 years ago #

"Hey, that has been fixed already"
Hahaha, "Published Monday 1st November 2004 11:30 GMT"
Philipp, the code was hosted on Google Pages, and I took it down this morning. (Google wasn't involved.)

Juha-Matti Laurio [PersonRank 10]

15 years ago #

TechReads blog has an entry too:
http://cyber-knowledge.net/blog/2007/01/01/gmail-vulnerable-to-contact-list-hijacking/
(via /.)

Juha-Matti Laurio [PersonRank 10]

15 years ago #

Sorry, posted to wrong thread... :-(

stefan2904 [PersonRank 10]

15 years ago #

google ({
   Success: false,
   Errors: []
})

Jason Schramm [PersonRank 5]

15 years ago #

Good thing I've been using NoScript for Firefox.

Philipp Lenssen [PersonRank 10]

15 years ago #

> Hey, that has been fixed already

Ioannus, your link points to a different vulnerability than this one.

> the code was hosted on Google Pages

Haochi, I updated the post.

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!