Hello. Google is corresponding with me about these issues, but unfortunately it is not being registered; still, the security weakness and the abuse that is possible are completely clear. In the next posts I will put up the video and some of my correspondence.

# CSRF recovery message in Gmail
# Risk: high
# Version: All
# Date: August - September 2017
# Author: Hosein)root
# Tested on Windows; Mozilla Firefox 54
# Vulnerable File: https://mail.google.com/mail/u/0/?ta...e2ebb2438ce504
#explain vulnerability:
#When you open an email in the inbox, you have the verification code 15e2ebb2438ce504 after inbox/; we save this code
#When the user clears a message from the inbox and clears the message from the trash, our users want the message deleted forever, but it is not deleted and is easily recovered
#when Gmail is hacked.
#An attacker can easily brute-force the verification code by creating a large table from lowercase letters and numbers and recover the secure message that was deleted
#######