2/13/2011

XSS on Gmail

I just read these two blog posts today, and they are really interesting.

http://spareclockcycles.org/2010/12/14/gmail-google-chrome-xss-vulnerability/
          and
http://spareclockcycles.org/2011/02/11/android-gmail-app-stealing-emails-via-xss/


The first one is XSS on Gmail via Google Chrome.

Briefly, the author found a very severe exploit in 10 minutes. It allows an attacker to use JavaScript or HTML as an attached file name, and it will be rendered in every version of Google Chrome.

An example of the file name we are talking about is this (without any spaces):
"><img src="http://bit.ly/XcfTv" onload="alert(String.fromCharCode(88,83,83))"/>.txt

The second one is XSS on Gmail via the Android Gmail app.

While he was working out the restrictions on email address names in Gmail, the author discovered an XSS vulnerability in the Gmail app on his Android phone. He investigated further and found that he could also download all e-mails, add any person to the contact list, automatically send spam to any person, or, worst of all, download and run/render an external file.

Examples of email addresses used for the exploit:

"><script>window.location='http://google.com'</script>"@somedmn.com

" onload=window.location='http://google.com'"@somedmn.com

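Both issues involve attacker-controlled text (an attachment file name, a sender address) being rendered as markup. The following is an added example, not code from the original posts or from Gmail; the HTML templates and function names are assumptions for illustration. It renders the strings quoted above with and without output escaping and compares the structure of the resulting markup.

```javascript
// Added example: function names and the HTML templates are assumptions.

// Escape the characters that can end a text node or a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the attachment name is concatenated into markup as-is.
function renderAttachmentUnsafe(fileName) {
  return '<a class="att" title="' + fileName + '">' + fileName + '</a>';
}

// Hardened pattern: escape at the output boundary, for attribute and text alike.
function renderAttachmentSafe(fileName) {
  const safe = escapeHtml(fileName);
  return '<a class="att" title="' + safe + '">' + safe + '</a>';
}

// Same rule for the sender address shown in the message header.
function renderSenderSafe(address) {
  const safe = escapeHtml(address);
  return '<span class="from" title="' + safe + '">' + safe + '</span>';
}

// Rough structural check: how many start tags and raw double quotes the output
// contains. Each template above should yield exactly 1 tag and 4 quotes.
function shape(html) {
  return {
    tags: (html.match(/<[a-zA-Z]/g) || []).length,
    quotes: (html.match(/"/g) || []).length,
  };
}

// Inputs quoted from the post above.
const FILE_NAME = '"><img src="http://bit.ly/XcfTv" onload="alert(String.fromCharCode(88,83,83))"/>.txt';
const SENDERS = [
  `"><script>window.location='http://google.com'</script>"@somedmn.com`,
  `" onload=window.location='http://google.com'"@somedmn.com`,
];

console.log('unsafe:', shape(renderAttachmentUnsafe(FILE_NAME)));
console.log('safe:  ', shape(renderAttachmentSafe(FILE_NAME)));
for (const s of SENDERS) console.log('sender:', shape(renderSenderSafe(s)));
```

A tag count above 1 or a quote count above 4 means the input changed the markup structure instead of being displayed as text.
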
Other than these, I also found 2 interesting websites from the posts:

http://www.google.com/corporate/halloffame.html - this reminds me that you can get some money by finding a vulnerability in Google Chrome, and you can get into the hall of fame.

http://ha.ckers.org/xss.html - various patterns of how to use XSS
