
Gmail Checker Plus Chrome Extension Cross Site Scripting

Posted Jun 4, 2010
Authored by Lostmon | Site lostmon.blogspot.com

Gmail Checker plus Chrome extension suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8770f77c00b6e3003524700b2169b9eb1fd1cf96129f6213cf8964179a2ddf6a

######################################
Gmail Checker plus Chrome extension XSS
extension: https://chrome.google.com/extensions/detail/mihcahmgecmbnbcchbopgniflfhgnkff
advisory: http://lostmon.blogspot.com/2010/06/gmail-checker-plus-chrome-extension-xss.html
Exploit available: yes
#######################################

So in this case "Google Mail Checker Plus" version 1.1.7 (2010-02-10)
has a flaw that allows attackers to mount XSS-style attacks.

All extensions run in their own origin, and there is no way to alter data
from the extension or get sensitive data such as the email account, password,
etc.

If we look at how many users have installed this extension =>
https://chrome.google.com/extensions/detail/gffjhibehnempbkeheiccaincokdjbfe
303,711 users have installed it (WoW)

############
explanation
############

Google Mail Checker Plus allows users to see when they have new mail and
view a preview of the mail ....

If an attacker composes a new mail with HTML or JavaScript code in the
subject form field and sends it to the victim, the code is executed when
the victim clicks on the extension to view the mail, and when the victim
accepts the alert and views a preview of the mail, the iframe is executed
too.

Gmail is a safe place, but the extension used to manage it can be a potential
vector to attack it.

For example, send an email with a Gmail logout action in the subject:
"><iframe src="https://mail.google.com/mail/?logout&hl=es"></iframe>
It closes the session on Gmail; this is an XSRF, and, in the case
what you say aa
it is executed in context and the location.href value is "about:blank"

So we have disputed it in
http://code.google.com/p/chromium/issues/detail?id=45401
The developer has released a patched version in trunk =>
http://github.com/AndersSahlin/MailCheckerPlus/blob/54ab118e505feae819e676c8e525e8fe5409c981/src/mailaccount.class.js
Please download it and copy it to your extension folder to solve it.

See Diff => http://github.com/AndersSahlin/MailCheckerPlus/commit/54ab118e505feae819e676c8e525e8fe5409c981#diff-0
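
The advisory does not reproduce the extension's rendering code, so the following is an added example, not code from MailCheckerPlus or from the author. It shows the general pattern behind this class of bug, a feed-supplied subject concatenated into popup markup, beside an escaped version and a check that flags rows where mail data was parsed as markup. All function names and the row markup are assumptions.

```javascript
// Added example (hypothetical code, not MailCheckerPlus source): rendering a
// mail subject taken from the inbox feed into the extension popup.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a feed-derived string for use in HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the subject is concatenated into markup unchanged, so
// a quote or angle bracket in it ends the attribute and starts new elements.
function renderRowUnsafe(mail) {
  return '<div class="mail" title="' + mail.subject + '">' + mail.subject + '</div>';
}

// Hardened pattern: same markup, but the subject is escaped first.
function renderRowSafe(mail) {
  const subject = escapeHtml(mail.subject);
  return '<div class="mail" title="' + subject + '">' + subject + '</div>';
}

// Regression check: a rendered row must contain exactly one opening tag (the
// div). Any extra tag means feed data was parsed as markup.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample messages; the first subject is the one quoted above.
const SAMPLE_MAILS = [
  { subject: '"><iframe src="https://mail.google.com/mail/?logout&hl=es"></iframe>' },
  { subject: 'Meeting notes & agenda for "Q3"' },
];

// Tag count per sample row for a given renderer.
function auditRows(render) {
  return SAMPLE_MAILS.map((mail) => countOpeningTags(render(mail)));
}

console.log('unsafe:', auditRows(renderRowUnsafe));
console.log('safe:  ', auditRows(renderRowSafe));
```

In a real popup, assigning the subject through textContent or createTextNode avoids HTML parsing of mail data altogether.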

######################€nd#################################
.

Thanks for your time !!!

Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....