Google's GMailSite script is susceptible to cross site scripting attacks

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Google's GMailSite script is susceptible to cross site scripting attacks

来源：http://lostmon.blogspot.com/ 作者：Lostmon 发布时间：2005-12-31

------=_Part_2847_7486378.1135858452675
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: base64
Content-Disposition: inline

IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwpH
TWFpbFNpdGUgdmFyaWFibGUgQ3Jvc3MtU2l0ZSBTY3JpcHRpbmcgYW5kIHNjcmlwdCBpbmplY3Rp
b24KVmVuZG9yIFVybDpodHRwOi8vd3d3LmdtYWlsc2l0ZS5jb20vIDxodHRwOi8vd3d3LmdtYWls
c2l0ZS5jb20vPgp2ZW5kb3Igc3BlY2lmaWMgZW50cnk6aHR0cDovL2Zvcm9zLm9qb2J1c2NhZG9y
LmNvbS90ZW1hMTkzNi5odG1sCkFkdmlzb3JlOgpodHRwOi8vbG9zdG1vbi5ibG9nc3BvdC5jb20v
MjAwNS8xMi9nbWFpbHNpdGUtdmFyaWFibGUtY3Jvc3Mtc2l0ZS5odG1sClZlbmRvciBub3RpZnk6
eWVzIEV4cGxvaXQgYXZhaWxhYmxlOnllcwojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwoKR01haWxTaXRlIGlzIHNjcmlwdCB0aGF0IGFsbG93
cyB0aGF0IHlvdSB1c2UgeW91cgphY2NvdW50IG9mIG1haWwgb2YgR01haWwgdG8gY3JlYXRlIGEg
cGFnZSBpbiB3aGljaAphbGwgdGhlIGF0dGFjaGVkIGFyY2hpdmVzIG9mIHlvdXIgbWVzc2FnZXMg
d2lsbCBiZQpwdWJsaXNoZWQgdGhhdCBlc3RlbiBrZXB0IHVuZGVyIHNvbWUgbGFiZWwgaW4geW91
cgphY2NvdW50IGZyb20gbWFpbC4KCkdNYWlsU2l0ZSBjb250YWlucyBhIGZsYXcgdGhhdCBhbGxv
d3MgYSByZW1vdGUKQ3Jvc3MtU2l0ZSBTY3JpcHRpbmcgYXR0YWNrLlRoaXMgZmxhdyBleGlzdHMg
YmVjYXVzZQp0aGUgYXBwbGljYXRpb24gZG9lcyBub3QgdmFsaWRhdGUgJ2xuZycgdmFyaWFibGUg
dXBvbgpzdWJtaXNzaW9uIHRvIGluZGV4LnBocCBzY3JpcHQuVGhpcyBjb3VsZCBhbGxvdyBhIHVz
ZXIKdG8gY3JlYXRlIGEgc3BlY2lhbGx5IGNyYWZ0ZWQgVVJMIHRoYXQgd291bGQgZXhlY3V0ZQph
cmJpdHJhcnkgY29kZSBpbiBhIHVzZXIncyBicm93c2VyIHdpdGhpbiB0aGUgdHJ1c3QKcmVsYXRp
b25zaGlwIGJldHdlZW4gdGhlIGJyb3dzZXIgYW5kIHRoZSBzZXJ2ZXIsCmxlYWRpbmcgdG8gYSBs
b3NzIG9mIGludGVncml0eS4KCldlbiB3ZSAiaW5qZWN0IiB0aGUgaHRtbCBvciBqYXZhc2NyaXB0
IGNvZGUgaW4gdGhlICdsbmcnCnZhcmlhYmxlICwgdGhpcyBjb2RlIGlzIHdyaXRlIGluIHRoZSBj
b29ja2llIGFuZCBpdCBpcwpleGVjdXRlIGV2ZXJ5IHRpbWUgd2VuIHdlIGNsaWNrIG9uIGEgbGlu
ayBpbiB0aGUgR01haWxTaXRlCmZvciBzdG9wIHRoaXMgY29kZSBvbmx5IG5lZWQgdG8gY2xpY2sg
aW4gb3RoZXIgbGFuZ3VhZ2UuClRoaXMgRmxhdyBJcyBhIHBvc2libGUgc2NyaXB0IGluc2VyY2lv
bi4KCiMjIyMjIyMjIyMjIyMjIyMjCnZlcnNpb25zIGFmZWN0ZWQKIyMjIyMjIyMjIyMjIyMjIyMK
CkdNYWlsU2l0ZQoKR21haWxTaXRlIDEuMC40IC0KR21haWxTaXRlIDEuMC4zIC0KR21haWxTaXRl
IDEuMC4yIC0KR21haWxTaXRlIDEuMC4xIC0KR21haWxTaXRlIDEuMCAgIC0KCkdGSG9zdAoKR0ZI
b3N0IDAuNC4yCkdGSG9zdCAwLjQuMQpHRkhvc3QgMC40CkdGSG9zdCAwLjMKR0ZIb3N0IDAuMgpH
Rkhvc3QgMC4xLjEKCiMjIyMjIyMjIyMjIyMjIyMjClNvbHV0aW9uCiMjIyMjIyMjIyMjIyMjIyMj
CgpObyBzb2x1dGlvbiBhdCB0aGlzIHRpbWUgISEhCgojIyMjIyMjIyMjIyMjClRpbWVsaW5lCiMj
IyMjIyMjIyMjIyMKCkRpc2NvdmVyZWQ6IDEzLTExLTIwMDUKVmVuZG9yIG5vdGlmeTogMjgtMTIt
MjAwNQpWZW5kb3IgcmVzcG9uc2U6MjgtMTItMjAwNQpEaXNjbG9zdXJlOjI5LTEyLTIwMDUKCiMj
IyMjIyMjIyMjIyMjIyMjIwpFeGFtcGxlCiMjIyMjIyMjIyMjIyMjIyMjIwoKaHR0cDovL1tWSUNU
SU1dLz9sbmc9ZXMiPjxzY3JpcHQ+YWxlcnQoZG9jdW1lbnQuY29va2llKTwvc2NyaXB0PgpodHRw
Oi8vW1ZJQ1RJTV0vaW5kZXgucGhwP2xuZz1lcyI+PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29r
aWUpPC9zY3JpcHQ+CgojIyMjIyMjIyMjIyMjIyMjIyMjIyMggG5kICMjIyMjIyMjIyMjIyMjIwoK
VGhueCB0byBlc3RyZWxsYSB0byBiZSBteSBsaWd0aAoKYXRlbnRhbWVudGU6Ckxvc3Rtb24gKGxv
c3Rtb25AZ21haWwuY29tKQpXZWItQmxvZzogaHR0cDovL2xvc3Rtb24uYmxvZ3Nwb3QuY29tLwot
LQpMYSBjdXJpb3NpZGFkIGVzIGxvIHF1ZSBoYWNlIG1vdmVyIGxhIG1lbnRlLi4uLgo=
------=_Part_2847_7486378.1135858452675
Content-Type: text/html; charset=WINDOWS-1252
Content-Transfer-Encoding: base64
Content-Disposition: inline

PGRpdj4jIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjPGJyPkdNYWlsU2l0ZSB2YXJpYWJsZSBDcm9zcy1TaXRlIFNjcmlwdGluZyBhbmQgc2NyaXB0
IGluamVjdGlvbjxicj5WZW5kb3IgPGEgb25jbGljaz0icmV0dXJuIHRvcC5qcy5PcGVuRXh0TGlu
ayh3aW5kb3csZXZlbnQsdGhpcykiIGhyZWY9Imh0dHA6Ly93d3cuZ21haWxzaXRlLmNvbS8iIHRh
cmdldD0iX2JsYW5rIj4KVXJsOmh0dHA6Ly93d3cuZ21haWxzaXRlLmNvbS88L2E+PC9kaXY+Cjxk
aXY+dmVuZG9yIHNwZWNpZmljIGVudHJ5OjxhIG9uY2xpY2s9InJldHVybiB0b3AuanMuT3BlbkV4
dExpbmsod2luZG93LGV2ZW50LHRoaXMpIiBocmVmPSJodHRwOi8vZm9yb3Mub2pvYnVzY2Fkb3Iu
Y29tL3RlbWExOTM2Lmh0bWwiIHRhcmdldD0iX2JsYW5rIj5odHRwOi8vZm9yb3Mub2pvYnVzY2Fk
b3IuY29tL3RlbWExOTM2Lmh0bWw8L2E+PGJyPkFkdmlzb3JlOjxhIGhyZWY9Imh0dHA6Ly9sb3N0
bW9uLmJsb2dzcG90LmNvbS8yMDA1LzEyL2dtYWlsc2l0ZS12YXJpYWJsZS1jcm9zcy1zaXRlLmh0
bWwiPgpodHRwOi8vbG9zdG1vbi5ibG9nc3BvdC5jb20vMjAwNS8xMi9nbWFpbHNpdGUtdmFyaWFi
bGUtY3Jvc3Mtc2l0ZS5odG1sPC9hPjwvZGl2Pgo8ZGl2PlZlbmRvciBub3RpZnk6eWVzIEV4cGxv
aXQgYXZhaWxhYmxlOnllcyA8YnI+IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMgPC9kaXY+CjxwPkdNYWlsU2l0ZSBpcyBzY3JpcHQgdGhhdCBh
bGxvd3MgdGhhdCB5b3UgdXNlIHlvdXI8YnI+YWNjb3VudCBvZiBtYWlsIG9mIEdNYWlsIHRvIGNy
ZWF0ZSBhIHBhZ2UgaW4gd2hpY2g8YnI+YWxsIHRoZSBhdHRhY2hlZCBhcmNoaXZlcyBvZiB5b3Vy
IG1lc3NhZ2VzIHdpbGwgYmU8YnI+cHVibGlzaGVkIHRoYXQgZXN0ZW4ga2VwdCB1bmRlciBzb21l
IGxhYmVsIGluIHlvdXI8YnI+YWNjb3VudCBmcm9tIG1haWwuIAo8L3A+CjxwPkdNYWlsU2l0ZSBj
b250YWlucyBhIGZsYXcgdGhhdCBhbGxvd3MgYSByZW1vdGUgPGJyPkNyb3NzLVNpdGUgU2NyaXB0
aW5nIGF0dGFjay5UaGlzIGZsYXcgZXhpc3RzIGJlY2F1c2U8YnI+dGhlIGFwcGxpY2F0aW9uIGRv
ZXMgbm90IHZhbGlkYXRlICdsbmcnIHZhcmlhYmxlIHVwb248YnI+c3VibWlzc2lvbiB0byBpbmRl
eC5waHAgc2NyaXB0LlRoaXMgY291bGQgYWxsb3cgYSB1c2VyIAo8YnI+dG8gY3JlYXRlIGEgc3Bl
Y2lhbGx5IGNyYWZ0ZWQgVVJMIHRoYXQgd291bGQgZXhlY3V0ZTxicj5hcmJpdHJhcnkgY29kZSBp
biBhIHVzZXIncyBicm93c2VyIHdpdGhpbiB0aGUgdHJ1c3QgPGJyPnJlbGF0aW9uc2hpcCBiZXR3
ZWVuIHRoZSBicm93c2VyIGFuZCB0aGUgc2VydmVyLDxicj5sZWFkaW5nIHRvIGEgbG9zcyBvZiBp
bnRlZ3JpdHkuPC9wPgo8cD5XZW4gd2UgJnF1b3Q7aW5qZWN0JnF1b3Q7IHRoZSBodG1sIG9yIGph
dmFzY3JpcHQgY29kZSBpbiB0aGUgJ2xuZyc8YnI+dmFyaWFibGUgLCB0aGlzIGNvZGUgaXMgd3Jp
dGUgaW4gdGhlIGNvb2NraWUgYW5kIGl0IGlzIDxicj5leGVjdXRlIGV2ZXJ5IHRpbWUgd2VuIHdl
IGNsaWNrIG9uIGEgbGluayBpbiB0aGUgR01haWxTaXRlPGJyPmZvciBzdG9wIHRoaXMgY29kZSBv
bmx5IG5lZWQgdG8gY2xpY2sgaW4gb3RoZXIgbGFuZ3VhZ2UuIAo8YnI+VGhpcyBGbGF3IElzIGEg
cG9zaWJsZSBzY3JpcHQgaW5zZXJjaW9uLjwvcD4KPHA+IyMjIyMjIyMjIyMjIyMjIyM8YnI+dmVy
c2lvbnMgYWZlY3RlZDxicj4jIyMjIyMjIyMjIyMjIyMjIzwvcD4KPHA+R01haWxTaXRlPC9wPgo8
cD5HbWFpbFNpdGUgMS4wLjQgLSA8YnI+R21haWxTaXRlIDEuMC4zIC0gPGJyPkdtYWlsU2l0ZSAx
LjAuMiAtIDxicj5HbWFpbFNpdGUgMS4wLjEgLSA8YnI+R21haWxTaXRlIDEuMCZuYnNwOyZuYnNw
OyAtIDwvcD4KPHA+R0ZIb3N0PC9wPgo8cD5HRkhvc3QgMC40LjIgPGJyPkdGSG9zdCAwLjQuMSA8
YnI+R0ZIb3N0IDAuNCA8YnI+R0ZIb3N0IDAuMyA8YnI+R0ZIb3N0IDAuMiA8YnI+R0ZIb3N0IDAu
MS4xIDwvcD4KPHA+IyMjIyMjIyMjIyMjIyMjIyM8YnI+U29sdXRpb248YnI+IyMjIyMjIyMjIyMj
IyMjIyM8L3A+CjxwPk5vIHNvbHV0aW9uIGF0IHRoaXMgdGltZSAhISE8L3A+CjxwPiMjIyMjIyMj
IyMjIyM8YnI+VGltZWxpbmU8YnI+IyMjIyMjIyMjIyMjIzwvcD4KPHA+RGlzY292ZXJlZDogMTMt
MTEtMjAwNTxicj5WZW5kb3Igbm90aWZ5OiAyOC0xMi0yMDA1PGJyPlZlbmRvciByZXNwb25zZToy
OC0xMi0yMDA1PGJyPkRpc2Nsb3N1cmU6MjktMTItMjAwNTwvcD4KPHA+IyMjIyMjIyMjIyMjIyMj
IyMjPGJyPkV4YW1wbGU8YnI+IyMjIyMjIyMjIyMjIyMjIyMjPC9wPgo8cD48YT5odHRwOi8vW1ZJ
Q1RJTV0vP2xuZz1lcyZxdW90OyZndDsmbHQ7c2NyaXB0Jmd0O2FsZXJ0KGRvY3VtZW50LmNvb2tp
ZSkmbHQ7L3NjcmlwdDwvYT4mZ3Q7PGJyPjxhPmh0dHA6Ly9bVklDVElNXS9pbmRleC5waHA/bG5n
PWVzJnF1b3Q7Jmd0OyZsdDtzY3JpcHQmZ3Q7YWxlcnQoZG9jdW1lbnQuY29va2llKSZsdDsvc2Ny
aXB0PC9hPiZndDs8L3A+CjxwPiMjIyMjIyMjIyMjIyMjIyMjIyMjIyCAbmQgIyMjIyMjIyMjIyMj
IyMjPC9wPgo8cD5UaG54IHRvIGVzdHJlbGxhIHRvIGJlIG15IGxpZ3RoPC9wPgo8cD5hdGVudGFt
ZW50ZTo8YnI+TG9zdG1vbiAoPGEgb25jbGljaz0icmV0dXJuIHRvcC5qcy5PcGVuRXh0TGluayh3
aW5kb3csZXZlbnQsdGhpcykiIGhyZWY9Im1haWx0bzpsb3N0bW9uQGdtYWlsLmNvbSIgdGFyZ2V0
PSJfYmxhbmsiPmxvc3Rtb25AZ21haWwuY29tPC9hPik8YnI+V2ViLUJsb2c6IDxhIG9uY2xpY2s9
InJldHVybiB0b3AuanMuT3BlbkV4dExpbmsod2luZG93LGV2ZW50LHRoaXMpIiBocmVmPSJodHRw
Oi8vbG9zdG1vbi5ibG9nc3BvdC5jb20vIiB0YXJnZXQ9Il9ibGFuayI+Cmh0dHA6Ly9sb3N0bW9u
LmJsb2dzcG90LmNvbS88L2E+PGJyPi0tPGJyPkxhIGN1cmlvc2lkYWQgZXMgbG8gcXVlIGhhY2Ug
bW92ZXIgbGEgbWVudGUuLi4uIDwvcD4KPHA+Jm5ic3A7PC9wPgo=
------=_Part_2847_7486378.1135858452675--

[