GMail logout (not sure if you could call it a vulnerability)

[QoDS ec <QoDSec () gmail com>]

I might have found a little glich in GMail's invitation system. I was
playing today with GMail and found that if you change the invite hyper
link to something different you will be logged out from your GMail
session.

for example consider the following invite link:
http://gmail.google.com/gmail/a-da020f8475-a200b150b3

if you change it to the following:
http://gmail.google.com/gmail/a-da020f8435-a200b150b3
                                            ^^^^^^^^^^^^^
                                         Any of the following digits
could change
you will be automatically logged out and as it seems you will have the
login name of the email of the person who did the invitation.

Not sure if there is anything evil you could do about it but just a
minor bug that should be fixed.

comments appreciated.


QODS ec

QODSec.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html