Google Gmail security vulnerability exposed, causing users to lose domain names

News, November 25th: an article that security researcher Brandon published on Sunday points out that Google Gmail has a security vulnerability that may let hackers set up filters in a user's email account without the user's knowledge.

Brandon pointed out in the article that the vulnerability has led some users to lose their domain names registered in

Brandon did not disclose the details of how to use this vulnerability in an attack, but pointed out that the key to the attack is to get the user name and the name of the variable.

When a user sets a filter in a Gmail account, the browser sends a request to the Google server. This request takes the form of a URL and contains many variables. For security reasons, the browser does not display all the variables contained in the URL. But if you use Firefox with the Live HTTP Headers plugin, you can see all of the variables the browser sends to the Google server.


, as long as the user to find the name of the variable can be found.

Brandon said: "The process of obtaining these variables is complex, but not impossible. I’m not going to tell you what to do, but if you search on the Internet, you’ll know."

Brandon said the variables can be obtained when a user visits a malicious site. He suggested that Google make the variable expire immediately after each request is issued, rather than waiting until the process has ended.
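One way to realise the expiry Brandon suggests, as an added sketch that is not Google's code or part of the original article. The variable is modelled as a secret per-session token (an assumption), and `FilterTokenStore`, `replay_outcome` and the session id are hypothetical names. It compares a value that stays valid until sign-out with one that expires after the request that used it.

```python
import hmac
import secrets


class FilterTokenStore:
    """Hypothetical server-side store for the secret variable sent with each
    filter-change request. Not Google's code; all names are assumptions."""

    def __init__(self, single_use):
        self.single_use = single_use   # True = expire after every request
        self._tokens = {}              # session id -> current token

    def issue(self, session_id):
        """Return the token for the next request, creating one if needed."""
        if session_id not in self._tokens:
            self._tokens[session_id] = secrets.token_urlsafe(32)
        return self._tokens[session_id]

    def accept(self, session_id, presented):
        """Validate a state-changing request such as 'create filter'."""
        expected = self._tokens.get(session_id)
        if expected is None:
            return False
        if not hmac.compare_digest(expected.encode(), presented.encode()):
            return False
        if self.single_use:
            # The suggested fix: the value dies with the request that used it.
            del self._tokens[session_id]
        return True

    def end_session(self, session_id):
        """Sign-out: the value expires here at the latest."""
        self._tokens.pop(session_id, None)


def replay_outcome(single_use):
    """Constructed scenario: one legitimate request, then a second request
    carrying the same, now-leaked value, then the same value after sign-out."""
    store = FilterTokenStore(single_use)
    token = store.issue("session-A")             # constructed session id
    legitimate = store.accept("session-A", token)
    replayed = store.accept("session-A", token)  # old value presented again
    store.end_session("session-A")
    after_logout = store.accept("session-A", token)
    return legitimate, replayed, after_logout


if __name__ == "__main__":
    print("session-lifetime:", replay_outcome(False))  # (True, True, False)
    print("single-use:      ", replay_outcome(True))   # (True, False, False)
```

With the session-lifetime policy the reused value is rejected only once the user has signed out; with the single-use policy it is rejected on the very next request.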

To avoid becoming a victim of this vulnerability, Brandon recommends that users check their filter settings often. He said Firefox users can also download the NoScript plug-in to prevent attacks.

Of course, any website that uses cookies for authentication can be targeted by hackers in the same way. To avoid becoming a victim of this type of attack, Gmail users should sign out in the normal way after using their e-mail. In addition, users are best advised not to visit sites they do not trust.

Google representatives did not immediately reply to the reporter’s inquiry.
