Full Disclosure mailing list archives

Re: GMail logout (not sure if you could call it a vulnerability)

From: Nico Golde <nion () gmx net>
Date: Tue, 22 Jun 2004 13:37:55 +0200

Hallo QoDS,

* QoDS ec <QoDSec () gmail com> [2004-06-22 13:22]:

for example consider the following invite link:
http://gmail.google.com/gmail/a-da020f8475-a200b150b3

if you change it to the following:
http://gmail.google.com/gmail/a-da020f8435-a200b150b3
                                            ^^^^^^^^^^^^^
                                         Any of the following digits
could change
you will be automatically logged out and as it seems you will have the
login name of the email of the person who did the invitation.

Not sure if there is anything evil you could do about it but just a
minor bug that should be fixed.


and the login at this point doesnt works correctly.
ia am not able to login at this stage.
is it only my problem?
regards nico
-- 
Nico Golde - 310777820@ICQ
nico () ngolde de | nion () gmx net | http://www.ngolde.de
GPG: FF46 E565 5CC1 E2E5 3F69  C739 1D87 E549 7364 7CFF
Is there life after /sbin/halt -p?

Attachment: _bin
Description:

Current thread:

GMail logout (not sure if you could call it a vulnerability) QoDS ec (Jun 21)
- Re: GMail logout (not sure if you could call it a vulnerability) Nico Golde (Jun 22)
- Re: GMail logout (not sure if you could call it a vulnerability) Nico Golde (Jun 22)
  - Re: GMail logout (not sure if you could call it a vulnerability) Nico Golde (Jun 23)