  1. #1
    Join Date
    Nov 2002

    GMail Vulnerable To Contact List Hijacking

    (does not affect POP accounts)

    Using a form of cross scripting, it becomes easy to steal a GMail user's contact list if they visit a certain type of website. The only condition is you have to be logged in to GMail at the time of the attack. GMail is set up to store your contact list in javascript files, which is the core problem. If you log into your GMail account, and click here, you'll see your contact's details, along with their email. I've tried the hack on IE7, Opera, and Firefox; it appears to be working on all three. To see a demonstration of the attack, login to your GMail account and go to this website. I don't know for sure if the list is being saved or not, so browse at your own risk. According to the website they aren't saving the data.

    Something worth noting is that the email it claims is yours is never yours. I tried it on two different emails, and it failed both times. However, both times it listed the address I get email from most as mine. Also, the image I've included shows 23 contacts when it did indeed list all 200 or so.
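
The post attributes the exposure to contact data being served as JavaScript files. As an added example that is not part of the original post and is not Gmail's code, the following contrasts that pattern with a data-only response; the handler names, the request shape, the `x-csrf-token` header and the sample contacts are assumptions made for illustration.

```javascript
// Added example: hypothetical handlers, not Gmail's code.
// A request is modelled as { query, headers, session } where session is null when logged out.
const CONTACTS = [ // constructed sample data
  { name: "Alice Example", email: "alice@example.test" },
  { name: "Bob Example", email: "bob@example.test" },
];

// Weak pattern: private data returned as executable JavaScript, authorised by
// the session cookie alone. The browser attaches that cookie to a script
// include from any origin, so the including page receives the data.
function serveContactsAsScript(req) {
  if (!req.session) return { status: 401, headers: {}, body: "" };
  const cb = req.query.callback || "loadContacts";
  return {
    status: 200,
    headers: { "Content-Type": "text/javascript" },
    body: `${cb}(${JSON.stringify(CONTACTS)});`,
  };
}

// Hardened pattern: data only, never script.
function serveContactsAsData(req) {
  if (!req.session) return { status: 401, headers: {}, body: "" };
  // A script include cannot set custom request headers, so require one that
  // carries the per-session token (use a constant-time compare in production).
  const token = req.headers["x-csrf-token"];
  if (!token || token !== req.session.csrfToken) {
    return { status: 403, headers: {}, body: "" };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/json; charset=utf-8",
      "X-Content-Type-Options": "nosniff", // do not sniff the body into a script type
      "Cache-Control": "no-store",
    },
    // Guard prefix: the body is a syntax error if evaluated as JavaScript.
    body: ")]}',\n" + JSON.stringify(CONTACTS),
  };
}

// Legitimate same-origin client: strip the guard, then parse.
function parseGuarded(body) {
  const guard = ")]}',\n";
  if (!body.startsWith(guard)) throw new Error("missing guard prefix");
  return JSON.parse(body.slice(guard.length));
}
```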

  2. #2
    Join Date
    Sep 2005
    I just saw this on Digg. I hope it gets fixed (although I don't use it anymore).
    Ryan Smith

  3. #3
    Join Date
    Jun 2003
    Oklahoma City, OK
    Wild, the time people have on their hands to come up with these exploits. Amazing.

  4. #4
    Join Date
    Dec 2006
    I sure hope Google fixes this fast. I'm always on Gmail for business reasons, and I like it much better than any other email service.

  5. #5
    I use Gmail for a lot of my online stuff too... hope they get on it and fix it soon.

  6. #6
    Join Date
    Apr 2004
    Maybe Google should reward people to find bugs on their system

  7. #7
    Join Date
    Apr 2005
    It was fixed yesterday or early this morning.
    IE7 is nine years behind the standards or wrong.
    But it works in IE!
    "IE is a cancer on the web" -- Paul Thurrott
    "Avoid hacker-bait apps like Internet Explorer" -- Kevin Mitnick

  8. #8
    Join Date
    Jun 2003
    Quote Originally Posted by drhowarddrfine
    It was fixed yesterday or early this morning.

    The Register has an article saying it's fixed as well....

  9. #9
    Is this not the second hack on Gmail? I remember one a while back how they could get in via cookies?
