[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Gmail XSS?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Gmail XSS?
From: Denzity <denzity@xxxxxxxxx>
Date: Mon, 1 Jan 2007 11:26:15 +0000

There's reports of a gmail xss in the wild that will steal someone's contact
list and email if they website is visited while being logged in to gmail.

http://cyber-knowledge.net/blog/2007/01/01/gmail-vulnerable-to-contact-list-hijacking/

I can't find this on Bugtraq or any release. Anyone have any more info or a
PoC?

Thanks, Denzity.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] [OOT] Thesis for master degree
Next by Date: [Full-disclosure] Kerio Fake 'iphlpapi' DLL injection Vulnerability
Previous by thread: Re: [Full-disclosure] [OOT] Thesis for master degree
Next by thread: Re: [Full-disclosure] Gmail XSS?
Index(es):
- Date
- Thread