Google Blogoscoped

Forum

Gmail Cross-site Scripting Vulnerability  (View post)

Robert [PersonRank 0]

Monday, January 1, 2007
13 years ago4,036 views

Use POP
Use Gmail in HTML mode mail.google.com/mail/?ui=html (look for "Basic Html" on the gmail web page.) I think this is also the default mode when javascript is disabled

Ioannus de Verani [PersonRank 1]

13 years ago #

Hey, that has been fixed already (theregister.co.uk/2004/11/01/g ...).

Dmitri [PersonRank 1]

13 years ago #

This is the day I started using NoScript.

TOMHTML [PersonRank 10]

13 years ago #

"Hey, that has been fixed already"
AH AH AH

Haochi [PersonRank 10]

13 years ago #

"Hey, that has been fixed already"
Hahaha, "Published Monday 1st November 2004 11:30 GMT"
Philipp, the code was hosted on Google Pages, and I took it down this morning. (Google wasn't involved.)

Juha-Matti Laurio [PersonRank 10]

13 years ago #

TechReads blog has an entry too:
cyber-knowledge.net/blog/2007/ ...
(via /.)

Juha-Matti Laurio [PersonRank 10]

13 years ago #

Sorry, posted to wrong thread... :-(

stefan2904 [PersonRank 10]

13 years ago #

google ({
   Success: false,
   Errors: []
})

Jason Schramm [PersonRank 5]

13 years ago #

Good thing I've been using NoScript for Firefox.

Philipp Lenssen [PersonRank 10]

13 years ago #

> Hey, that has been fixed already

Ioannus, your link points to a different vulnerability than this one.

> the code was hosted on Google Pages

Haochi, I updated the post.

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!