 ᠌᠌᠌ | 12:08 pm Latest Google Exploits... (4 hours ago)  quote Until Google disables this. This link would work… If a “user” is logged into his gmail account. and for SOME reason visits this link (dont ask me how.. send him/her an email with an invite to googlegroups… but has a hidden hyperlink)... His/Her ENTIRE addressbook, loginid, auth token, other google account info/ address book COULD be captured and sent to LOL.. somone like me :-) The URL here DOES not send me any info.. but think about it, I could use this “script” to capture the “visible” info redirect the user back to google groups… so basically.. I end up having all “your” info without you knowing it… On case you dont trust , please do log into gmail and then come back and click on this link… http://groups-beta.google.com/groups/pr PS: I am not Interested in these kind of activities, it's just that my fellas love doing it    | |
| ᠌᠌᠌ | 12:10 pm Guys! Subah Accha Din tha, Found One More (4 hours ago) quotehttp://video.google.com/data/contacts?o | |
 Anonymous | 12:10 pm but not for children(4 hours ago) quotedont play with the link | |
 tanush shukla | 12:11 pm how can we redirect so that we can get this inf (4 hours ago) quote | |
| ᠌᠌᠌ | 12:12 pm (4 hours ago) quote YeaWarning Kids : Dont play With This | |
| ᠌᠌᠌ | 12:13 pm tanush shukla's Quoted message @ 12:11 pm (1 minute ago)(4 hours ago) quotehow can we redirect so that we can get this inf | |
| Anonymous | 12:15 pm i saved the first link yesterday(4 hours ago) quoteit gave me all my contacts info of the profile which was deleted from orkut  amazing | |
| ᠌᠌᠌ | 12:18 pm †✾►§σµℓ Яєค√єя◄✣'s Quoted message @ 12:15 pm (1 minute ago)(4 hours ago) quotei saved the first link yesterday it gave me all my contacts info of the profile which was deleted from orkut amazing Google has so many bugs and loops within..They are a bad company - ever heard yahoo ke saath ched chad, anyways i am a big time google fan | |
 | 12:19 pm (4 hours ago) quote | |
 Whiz | 12:21 pm me too...(4 hours ago) quote |
tanush shukla
12:23 pm(4 hours ago) quote
PLZ TELL ME NA(4 hours ago) quote᠌᠌᠌ | Jun 16 Warning To Kids - Don't Play With This (2 days ago) | |
| Anonymous | Jun 16 ^^^^(2 days ago) lolss | |
 C™ Zohaib | Jun 16 (2 days ago) | |
 :๓ย:●| ŚÁßĨĤ |● | Jun 16 (2 days ago) | |
 Rodrigo Lacerda | Jun 16 xml version(2 days ago) http://groups-beta.google.com/groups/pr | |
| Rodrigo Lacerda | Jun 16 or only(2 days ago) http://groups-beta.google.com/groups/pr xD cool | |
 fa | Jun 16 (2 days ago) nice... thanx for the info jerry ... | |
| ᠌᠌᠌ | Jun 16 Found one More (2 days ago) http://video.google.com/data/contacts?o | |
 ♥.♥Mr.¢σσℓ ®- ™♥ | Jun 16 (2 days ago) gr8 |
Rodrigo Lacerda
Jun 16(2 days ago)
I search about this in google, and I found somethings...(2 days ago) this is a old bug that was fixed yet
you only needed visit any web site, and your whole contact list could be stealed
but
Have a look at the very first thing in that javascript:
while(true);
.
If that URL were ever to be set as the src attribute of a javascript tag, it would cause the browser to infinitely loop, and the webpage including it would not be able to read any of the data.
So while google has had issues with JSON being able to be included by malicious websites previously, it seems that they've fixed them.
thnx to kuza55 from sla.ckers
