Search the Community
Showing results for tags 'validation'.
I would like to share this one recent bug i found in gmail. It allows sending a list of about 200 email addresses and validates them if they exist in the google DB or not. This validator script is used by gmail while registering new users (ajax request is sent which shows whether entered email is available or not while user is filling up fields). Its simple XSS. Anyone can send a request containing multiple usernames and gmail replies with answer for every single of them whether it exists or not. Here is my oroginal post and description: http://vincian.blogspot.in/ http://vincian.tx0.org/links/gmail_email_validation.html Just thought of sharing it with hak5 :-)