######################################
Gmail Checker plus Chrome extension XSS
extension: https://chrome.google.com/extensions/detail/gffjhibehnempbkeheiccaincokdjbfe
advisore:http://lostmon.blogspot.com/2010/06/gmail-checker-plus-chrome-extension-xss.html
Exploit available:yes
#######################################
So in this case "Google Mail Checker Plus" version 1.1.7 (2010-02-10)
has a flaw that allow attackers to make XSS style attacks.
All extensions runs over his origin and no have way to altered data from extension or get sensitive data like , email account or password etc..
if we look how many users have instaled this extension =>
https://chrome.google.com/extensions/detail/gffjhibehnempbkeheiccaincokdjbfe
303,711 users have instaled it (WoW)
############
explanation
############
Google Mail Checker Plus allows users to view wen they have a new mail and
view a preview of the mail ....
if a attacker compose a new mail with html or javascript code in subject form field and send it to victim´s the code is executed wen Victim´s click in the extension to view the mail and wen victim´s accept the alert and view a preview of mail the iframe is executed too.
Gmail is a safe place , but the extension to manage it can be a potential
vector to attack it.
For example send a email With a logout acction in gmail in subject
"><iframe src="https://mail.google.com/mail/?logout&hl=es"></iframe>
it closes the sesion on gmmail , this is a XSRF , and , in the case what you say aa
it is executed in context and the location.href value is "about:blank"
So we have dispute it in http://code.google.com/p/chromium/issues/detail?id=45401
The developer has release a patch version in trunk =>
http://github.com/AndersSahlin/MailCheckerPlus/blob/54ab118e505feae819e676c8e525e8fe5409c981/src/mailaccount.class.js
please donload it and copy to your extension folder to solve it.
See Diff => http://github.com/AndersSahlin/MailCheckerPlus/commit/54ab118e505feae819e676c8e525e8fe5409c981#diff-0
######################€nd#################################
.
Thnx for your time !!!
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
skip to main |
skip to sidebar
Security Research & Analisys:
Personal Blog where I expose my investigations,
advisores and some outstanding news on security.
Categories
Archives
-
►
2022
(2)
- ► November 2022 (1)
- ► October 2022 (1)
-
►
2013
(2)
- ► December 2013 (1)
- ► August 2013 (1)
-
►
2012
(5)
- ► April 2012 (1)
-
►
2011
(5)
- ► October 2011 (1)
- ► March 2011 (1)
-
▼
2010
(18)
- ► December 2010 (2)
- ► September 2010 (1)
- ► March 2010 (1)
- ► February 2010 (1)
- ► January 2010 (1)
-
►
2009
(25)
- ► November 2009 (1)
- ► April 2009 (1)
- ► March 2009 (1)
- ► February 2009 (1)
-
►
2008
(24)
- ► August 2008 (9)
- ► April 2008 (1)
- ► March 2008 (1)
-
►
2007
(29)
- ► October 2007 (1)
- ► March 2007 (1)
-
►
2006
(14)
- ► August 2006 (1)
- ► February 2006 (1)
-
►
2005
(54)
- ► December 2005 (1)
- ► April 2005 (14)
Browse
About:Me
My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com
La curiosidad es lo que hace
mover la mente...
Online Tools & Calculators
Posts
Lostmon Blogger © All Rights Reserved