GoFuckYourself.com - Adult Webmaster Forum

-   -   Vulnerability in Gmail discovered by 14 year old (https://gfy.com/showthread.php?t=582221)

RayBonga 03-02-2006 04:32 PM

Vulnerability in Gmail discovered by 14 year old
 
Quote:

Vulnerability in Gmail
I was recently attempting to mail some JavaScript code from my Yahoo account to my Gmail when I came across this vulnerability.

Apparently JavaScript will run if it is within the preview of the message.

I only tested this sending from a Yahoo account. Sending Gmail to Gmail appears to filter this out.

This is what the message has to consist of:

A short subject to increase the amount of code to run

A short bit of text in the body so that the code isn't treated as quoted text

And your code

My simple test was : Subject: a Body: asdfasdf<script>alert("asdF");</script>

Here is a screen: http://www.ipnow.org/vulnerability.png

This vulnerability could be used to gather email addresses. Or even possibly to compromise the account.
http://ph3rny.blogspot.com/2006/03/v...-in-gmail.html
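
The behaviour described in the quoted post, shown from the fix side as an added example that is not part of the thread and is not Gmail's code: a preview renderer that pastes message text into markup, beside one that truncates the raw text and then HTML-encodes it at output. The function names, the `PREVIEW_CHARS` budget and the markup are assumptions made for illustration; the sample message is the test message quoted above.

```javascript
// Added example: hypothetical inbox-preview renderer, not Gmail's code.
const PREVIEW_CHARS = 60; // assumed shared budget for subject + body snippet

// Characters the subject leaves free for the body snippet. A short subject
// leaves more of the body inside the preview, as the post observes.
function snippetRoom(subject) {
  return Math.max(0, PREVIEW_CHARS - subject.length);
}

// Vulnerable form: untrusted message text is concatenated into markup as-is,
// so any tag in the first characters of the body becomes live markup.
function renderPreviewUnsafe(subject, body) {
  const snip = body.slice(0, snippetRoom(subject));
  return `<span class="subj">${subject}</span> - <span class="snip">${snip}</span>`;
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened form: truncate the raw text first, then encode at the point of
// output. Encoding after truncation never cuts an entity in half, and the
// result is inert no matter which mail system the message came from.
function renderPreviewSafe(subject, body) {
  const snip = body.slice(0, snippetRoom(subject));
  return `<span class="subj">${escapeHtml(subject)}</span> - <span class="snip">${escapeHtml(snip)}</span>`;
}

// Simple check for the test: does the rendered preview contain a live tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: the test message from the quoted post.
const SAMPLE = { subject: "a", body: 'asdfasdf<script>alert("asdF");</script>' };

console.log(renderPreviewUnsafe(SAMPLE.subject, SAMPLE.body));
console.log(renderPreviewSafe(SAMPLE.subject, SAMPLE.body));
```

Encoding at the point of output does not depend on an inbound filter recognising every sender's formatting, which is the gap the post describes between Yahoo-to-Gmail and Gmail-to-Gmail delivery.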

Theo 03-02-2006 04:35 PM

crazy, after all this time nobody noticed such problem?

GlydeGirl 03-02-2006 04:39 PM

Most 14-year olds have WAY too much time on their hands! LOL

nofx 03-02-2006 04:39 PM

heh 404

Account Suspended
The hosting account for this domain name has been suspended for 1 of 2 reasons.

1. Your bill is over due.

2. You account what causing a problem with the server and needed to be temporarily disabled.

xclusive 03-02-2006 04:41 PM

good catch by the kid

abadfish 03-02-2006 04:41 PM

"Account Suspended
The hosting account for this domain name has been suspended for 1 of 2 reasons.

1. Your bill is over due.

2. You account what causing a problem with the server and needed to be temporarily disabled."


Probably an "unlimited bandwidth" account...

Pipecrew 03-02-2006 04:43 PM

Quote:

Originally Posted by abadfish
"Account Suspended
The hosting account for this domain name has been suspended for 1 of 2 reasons.

1. Your bill is over due.

2. You account what causing a problem with the server and needed to be temporarily disabled."


Probably an "unlimited bandwidth" account...

Google has sent the blackhawk helicopters to his house and his host.

PixeLs 03-02-2006 06:47 PM

LOL, this somehow sounds funny.

SomeCreep 03-02-2006 06:49 PM

The following text I am about to post has already been posted in this thread, but I will post it again, because this would not be GFY, if I did not.

"
Account Suspended
The hosting account for this domain name has been suspended for 1 of 2 reasons.

1. Your bill is over due.

2. You account what causing a problem with the server and needed to be temporarily disabled.
"

hova 03-02-2006 06:51 PM

what a little smartass

sniperwolf 03-02-2006 08:02 PM

Quote:

Originally Posted by Pipecrew
Google has sent the blackhawk helicopters to his house and his host.

:1orglaugh :1orglaugh :1orglaugh

RayBonga 03-03-2006 12:49 AM

Quote:

Originally Posted by Pipecrew
Google has sent the blackhawk helicopters to his house and his host.

More likely they'll hire him.

Stacey_JoinRightNow 03-03-2006 01:09 AM

Quote:

Originally Posted by Soul_Rebel
crazy, after all this time nobody noticed such problem?

yeah... kids are somehow good at experimenting with things, trial and error...
very imaginative.

Shoehorn! 03-03-2006 01:23 AM

Quote:

Originally Posted by SomeCreep
The following text I am about to post has already been posted in this thread, but I will post it again, because this would not be GFY, if I did not.

:1orglaugh

Zarathustra 03-03-2006 01:27 AM

kids are smarter than adults because they lack paradigmatic thinking that conforms them or limits their thinking. This essentially means that us adults have mainly been programmed to be sheep

_Lush_ 03-03-2006 01:36 AM

Google's response:

In the interest of minimizing the impact that security vulnerabilities have on our end users, we highly encourage anyone who discovers a vulnerability in a Google product or service to follow responsible disclosure policies by contacting us first at security/at/google/dot/com .

More information is available at:
http://isc.sans.org/diary.php?storyid=1161


I guess Google was a little mad about the public disclosure of this

Manowar 03-03-2006 02:00 AM

Quote:

Originally Posted by Pipecrew
Google has sent the blackhawk helicopters to his house and his host.

:1orglaugh :1orglaugh

dtoolbox 03-03-2006 02:14 AM

don't post URLs with unlimited hosting here. for sure your hosting will be suspended in no time :1orglaugh

Nookster 03-03-2006 02:16 AM

That particular vuln has been known since gmail went live...about two years ago. :2 cents:

PussyTeenies 03-03-2006 02:40 AM

old and known "bug" (problem)

woj 03-03-2006 06:16 AM

Quote:

Originally Posted by Nookster
That particular vuln has been known since gmail went live...about two years ago. :2 cents:

gmail went live? I thought it's still in beta, heh


All times are GMT -7.