Welcome to WebmasterWorld Guest from 23.20.184.141

Forum Moderators: goodroi

Message Too Old, No Replies

Gmail exploit, allows website to get your contact list.

     
12:51 pm on Jan 1, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Apr 14, 2003
posts:438
votes: 0


the exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you're logged into Gmail and browsing the web, any rogue website can declare the function "google" and then parse all your contacts.

[engadget.com...]

Best thing to do for now is to log out of google services and clear your cache, until the problem is fixed.

12:57 pm on Jan 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 30, 2004
posts:712
votes: 0


It seems they fixed it: [blogs.zdnet.com ]
1:09 pm on Jan 1, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Apr 14, 2003
posts:438
votes: 0


There is a website that actually shows you,your contact list, After logging in and out, I tried it and it still shows all my contacts its not showing my email address but its showing my entire contact list.

<edit>
The website:
[googlified.com.googlepages.com...]
</edit>

1:28 pm on Jan 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 30, 2004
posts: 712
votes: 0


Not fixed indeed. Interesting. It shows the gmail address of a relative (not mine) and my contactlist..