Tuesday, August 9, 2011

Bug in the Gmail contacts section

This is not a security issue, but it is related.
I discovered a stupid bug in the contacts service of Gmail the other day, while trying to do an XSS injection on another site. When you put something like <(.*)> inside a contact, the contact disappears. This is because Google, instead of escaping the characters, just removes your contact. It is a very good solution to avoid XSS, but not the best if you want to keep your contacts :)
I reported the bug and two hours later it was fixed, but they didn't tell me anything :(
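
An added example, not from the original post and not Gmail's code: a minimal Python model of the two behaviours contrasted above, discarding a contact whose fields contain <...> versus storing it verbatim and escaping when it is rendered. The pattern, function names and sample contacts are constructed for illustration.

```python
import html
import re

# Constructed pattern modelling the behaviour the post describes:
# any "<...>" run in a field causes the whole record to be discarded.
TAG_LIKE = re.compile(r"<.*>", re.DOTALL)

def save_dropping(store, contact):
    """Model of the reported behaviour: silently discard the contact."""
    if any(TAG_LIKE.search(value) for value in contact.values()):
        return False  # the record is lost and the user sees no error
    store.append(dict(contact))
    return True

def save_verbatim(store, contact):
    """Store exactly what the user typed; safety is handled at render time."""
    store.append(dict(contact))
    return True

def render_contact(contact):
    """Escape every field for the HTML text and attribute contexts it lands in."""
    name = html.escape(contact["name"], quote=True)
    email = html.escape(contact["email"], quote=True)
    return f'<li title="{name}">{name} ({email})</li>'

# Constructed sample input.
SAMPLES = [
    {"name": "Alice", "email": "alice@example.com"},
    {"name": "Bob <(.*)>", "email": "bob@example.com"},
    # No angle brackets, so the tag-like filter does not match this one.
    {"name": 'Eve" onmouseover="x', "email": "eve@example.com"},
]

def run(save):
    """Save all samples with the given strategy; return (store, rendered HTML)."""
    store = []
    for contact in SAMPLES:
        save(store, contact)
    return store, [render_contact(c) for c in store]

if __name__ == "__main__":
    for save in (save_dropping, save_verbatim):
        store, rendered = run(save)
        print(f"{save.__name__}: kept {len(store)} of {len(SAMPLES)}")
        for line in rendered:
            print("   ", line)
```

With escaping on output the stored name stays exactly as typed, and both the angle brackets and the double quotes are neutralised in the rendered markup.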

The video with the bug:
