XSS in Google?

I got an invitation from the Gmail team today…

I think they have started sending invitations to the ones who had subscribed to “Receive gmail updates in mail”.

So in that mail there is a link to “unsubscribe yourself” from the list…

I clicked it and tried entering script code in that… it did not work… I tried again by adding " and then finally it worked after adding "> in the variable email.

Wanna see it in action?

Check the screenshot

You will see a JavaScript alert saying “Hi”. I am sure you know what all you can do with it 😉

I have already mailed the Google security team about this. I think they should fix this small issue in a few hours…

UPDATE: They are so quick… I got a reply from them in less than an hour… very impressive… whereas our Indiatimes, they have still not replied to my mail… they should learn something from Google.

This is what I got from them

Hi Deep,

Thanks for letting us know! We will fix this problem as soon as possible.

Also, if you would like a Google T-shirt, please send us your mailing address and t-shirt size, and we’ll send a shirt.

Google Security Team
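The behaviour described in the post (the script only ran once "> was put in front of it in the email value) is consistent with the parameter being echoed into a quoted HTML attribute without output encoding. The sketch below is an added example, not code from the post or from Google: the form markup, function names and sample input are assumptions constructed to show the unencoded reflection beside a hardened one.

```python
import html
import re

# Hypothetical unsubscribe form; the real page's markup is not shown in the post.
FORM = '<form method="post"><input type="text" name="email" value="{email}"></form>'

# Deliberately simple syntax check (assumption): rejects quotes and angle brackets.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample input matching what the post describes ("> plus an alert).
SAMPLE = '"><script>alert("Hi")</script>'


def render_vulnerable(email: str) -> str:
    """Reflect the parameter as-is: a quote ends the attribute, '>' ends the tag."""
    return FORM.format(email=email)


def render_hardened(email: str, validate: bool = True) -> str:
    """Optionally validate, then always encode for the attribute context."""
    if validate and not EMAIL_RE.fullmatch(email):
        email = ""  # do not echo input that is not an address
    # quote=True also encodes " and ', which is what keeps the value inside
    # the attribute; encoding only < and > would not be enough here.
    return FORM.format(email=html.escape(email, quote=True))


def breaks_out(page: str) -> bool:
    """True if reflected input closed the value attribute and added markup."""
    m = re.search(r'name="email" value="([^"]*)"(.*?)</form>', page, re.S)
    # In an intact form, only the tag's closing '>' follows the attribute.
    return m is None or m.group(2) != ">"


if __name__ == "__main__":
    print("vulnerable breaks out:", breaks_out(render_vulnerable(SAMPLE)))
    print("encoded only breaks out:", breaks_out(render_hardened(SAMPLE, validate=False)))
    print("hardened output:", render_hardened(SAMPLE))
```

Encoding at output is the fix that matters; the address check is a second layer that keeps non-addresses from being echoed at all.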


  1. That's something cool ! BTW @ Deep ! Order 2 T-Shirts, so that I can take one 😉 (lol hehehehe). Google is giving u bribe or compliments ?


    Anyway, good one deep !

  2. So whts up deep ? Have the T-Shirts been shipped ? And I wanna ask u permission about posting this as news on my website ?

    Wht do u say ?

  3. No problemos 🙂

    The only condition is, provide the link to this article in the source…. that’s it..

