
List:       full-disclosure
Subject:    [Full-Disclosure] Gmail Accounts Vulnerable to XSS Exploit
From:       "Todd Towles" <toddtowles () brookshires ! com>
Date:       2004-10-29 21:40:25
Message-ID: 9E97F0997FB84D42B221B9FB203EFA272D9873 () dc1ms2 ! msad ! brookshires ! net

Slashdot.org
"A security hole in GMail has been found (an XSS vulnerability) which
allows access to user accounts without authentication. What makes the
exploit worse is the fact that changing passwords doesn't help. The full
details of the exploit haven't been disclosed. The vulnerability was
reported by Israeli news site Nana
<http://net.nana.co.il/Article/?ArticleID=155025&sid=10>. They
were tipped off by an Israeli hacker. Google has been notified and they
are working to close the hole. The Register has the story here
<http://www.theregister.co.uk/2004/10/29/gmail_vuln/>."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
