March 1, 2006
GMail vulnerability: GMail runs JavaScript in body
A great discovery from http://ph3rny.blogspot.com/2006/03/vulnerability-in-gmail.html.
If you send a mail to GMail from a different service (like Yahoo Mail) and include JavaScript in the body, GMail executes it.
A sample:
Subject: a
Body: asdfasdf<script>alert("asdF");</script>
I tried using document.location='http://www.cnn.com' and it works: the GMail homepage automatically redirects to CNN. It's funny that you can't come back to GMail unless you disable JavaScript, go to gmail.com and delete the mail.
Nice discussion at Digg.
Update: it's fixed.
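How the bug was fixed is not described here. As an added example (not GMail's code and not part of the original post), this is one generic defence for a webmail renderer: an allow-list sanitizer that treats the message body as untrusted HTML. The tag and attribute lists and the names `MailSanitizer` and `sanitize_mail_body` are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: only inert formatting tags survive.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "blockquote"}
VOID_TAGS = {"br"}                                   # no closing tag emitted
DROP_CONTENT = {"script", "style", "iframe", "object", "embed"}  # drop tag AND its content
ALLOWED_ATTRS = {"a": {"href"}}                      # every other attribute (onclick, ...) is dropped
SAFE_SCHEMES = ("http://", "https://", "mailto:")    # allow-list, so javascript: never passes

class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.drop_depth = 0   # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return            # unknown tag: drop the tag, keep its (escaped) text
        kept = []
        for name, value in attrs:
            # The parser has already decoded entities, so "java&#115;cript:" is seen decoded.
            if name in ALLOWED_ATTRS.get(tag, ()) and value:
                if value.strip().lower().startswith(SAFE_SCHEMES):
                    kept.append(f' {name}="{escape(value.strip(), quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.drop_depth = max(0, self.drop_depth - 1)
        elif not self.drop_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data))   # text is always re-encoded on output

def sanitize_mail_body(body: str) -> str:
    parser = MailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

# The sample body from the post above.
SAMPLE_BODY = 'asdfasdf<script>alert("asdF");</script>'
if __name__ == "__main__":
    print(sanitize_mail_body(SAMPLE_BODY))
```

An unclosed `<script>` or `<iframe>` causes everything after it to be dropped, so the sanitizer fails closed rather than open.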
2 comments:
The first thing I thought:
for (i=1;i<=10000000000000;i+=1)
{
alert(";O");
}
In Microsoft Internet Explorer V 8.0 I could still cause trouble!!!
In Mozilla and Google Chrome I can avoid new alerts...
But how do we send HTML emails with dynamic JavaScript included from our server?