|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] GMail logout (not sure if you could call it a vulnerability)
From: Nico Golde (nion
gmx.net)
Date: Tue Jun 22 2004 - 06:35:54 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hallo QoDS,
* QoDS ec <QoDSecgmail.com> [2004-06-22 13:22]:
[...]
> for example consider the following invite link:
> http://gmail.google.com/gmail/a-da020f8475-a200b150b3
>
> if you change it to the following:
> http://gmail.google.com/gmail/a-da020f8435-a200b150b3
> ^^^^^^^^^^^^^
> Any of the following digits
> could change
> you will be automatically logged out and as it seems you will have the
> login name of the email of the person who did the invitation.
>
> Not sure if there is anything evil you could do about it but just a
> minor bug that should be fixed.
i think this is not really evil.
if i remind correctly this email address is also in the invitation
message.?
regards nico
--
Nico Golde - 310777820ICQ
nicongolde.de | niongmx.net | http://www.ngolde.de
GPG: FF46 E565 5CC1 E2E5 3F69 C739 1D87 E549 7364 7CFF
Is there life after /sbin/halt -p?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA2BmZHYflSXNkfP8RAs5EAKCtmUOogl8J1oOa3NF2D5iMjHRc7ACdEBIQ
9e3wMheM1ayPkOtZwHrHTfM=
=qhqS
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]