Full Disclosure mailing list archives
GMail logout (not sure if you could call it a vulnerability)
From: QoDS ec <QoDSec () gmail com>
Date: Mon, 21 Jun 2004 20:24:15 -0400
I might have found a little glich in GMail's invitation system. I was playing today with GMail and found that if you change the invite hyper link to something different you will be logged out from your GMail session. for example consider the following invite link: http://gmail.google.com/gmail/a-da020f8475-a200b150b3 if you change it to the following: http://gmail.google.com/gmail/a-da020f8435-a200b150b3 ^^^^^^^^^^^^^ Any of the following digits could change you will be automatically logged out and as it seems you will have the login name of the email of the person who did the invitation. Not sure if there is anything evil you could do about it but just a minor bug that should be fixed. comments appreciated. QODS ec QODSec.blogspot.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GMail logout (not sure if you could call it a vulnerability) QoDS ec (Jun 21)
- Re: GMail logout (not sure if you could call it a vulnerability) Nico Golde (Jun 22)
- Re: GMail logout (not sure if you could call it a vulnerability) Nico Golde (Jun 22)
- Re: GMail logout (not sure if you could call it a vulnerability) Nico Golde (Jun 23)