03-02-2006, 04:32 PM
Vulnerability in Gmail discovered by 14 year old
Quote:
Vulnerability in Gmail
I was recently attempting to mail some JavaScript code from my Yahoo account to my Gmail when I came across this vulnerability.
Apparently JavaScript will run if it is within the preview of the message.
I only tested this sending from a Yahoo account. Sending Gmail to Gmail appears to filter this out.
This is what the message has to be composed of:
A short subject to increase the amount of code to run
A short bit of text in the body so that the code isn't treated as quoted text
And your code
My simple test was: Subject: a Body: asdfasdf<script>alert("asdF");</script>
Here is a screen: http://www.ipnow.org/vulnerability.png
This vulnerability could be used to gather email addresses. Or even possibly to compromise the account.
http://ph3rny.blogspot.com/2006/03/v...-in-gmail.html
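The mitigation for the behaviour described in the quoted post is to HTML-encode message text before it is placed in the inbox preview. The following is an added example, not code from the post or from Gmail; the function names and the shared 60-character preview budget are assumptions made for illustration.

```javascript
// Added example: inbox-row preview rendering, unescaped vs. escaped.
// PREVIEW_BUDGET and all function names here are hypothetical.
const PREVIEW_BUDGET = 60; // assumed: characters shared by subject + body snippet

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// The body gets whatever room the subject leaves, so a short subject
// exposes more of the body in the preview (the effect the post describes).
function snippet(subject, body) {
  const room = Math.max(0, PREVIEW_BUDGET - subject.length);
  return body.slice(0, room);
}

// Unescaped: message text is concatenated into the row markup as-is,
// so any tag inside the snippet becomes part of the page.
function buildPreviewUnsafe(subject, body) {
  return `<b>${subject}</b> - <span class="snip">${snippet(subject, body)}</span>`;
}

// Escaped: truncate the raw text first, then encode. Encoding after
// truncation means an entity such as &lt; can never be cut in half.
function buildPreviewSafe(subject, body) {
  return `<b>${escapeHtml(subject)}</b> - ` +
    `<span class="snip">${escapeHtml(snippet(subject, body))}</span>`;
}

// Constructed sample: the test message quoted in the post.
const SAMPLE = { subject: "a", body: 'asdfasdf<script>alert("asdF");</script>' };

// Report whether a rendered row still contains a live script tag.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```

With the sample message, `containsScriptTag` is true for the unescaped row and false for the escaped one, where the body appears as inert text.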