Gmail Vulnerable To Contact List Hijacking

January 1, 2007 · Filed Under Security, Tech 

Happy New Year Everyone!!! The best way to start this year is with a new security bug found in Gmail. It appears that Gmail stores our contact list information in a simple JavaScript file that could be read with a simple XSS. I don't know if you could access this file without XSS, but I do know that you have to be logged in in order to see it. This was posted today on Digg, and it seems as though there will be more to come. This reminds me of the almost famous Gmail bug that was found by Anelkaos. During that investigation we discovered how Gmail works its way around, and I remember that many things are kept in JavaScript, and if there were to be an XSS you could probably extract everything.

Yasser
