Showing posts from September, 2019

XSS in Zoho Mail

Hello Friends,

How are you all? I hope you are doing good. 

After a long time, I'm sharing another interesting finding here.

Last month I found an XSS vulnerability in Zoho Mail.

I was busy with my exams, and I had to send some work to my friend via email. So I opened my laptop, opened my Google Mail and saw that I had received many emails. After completing my work and sending the email, I opened my other mailboxes, i.e. Yahoo, Zoho, Hotmail/Outlook, etc., and read all the emails, but nothing was important.

As I was closing my laptop, something clicked in my mind: that there was no image proxy on Zoho Mail, which would indeed be a bug. I don't know why I was thinking that. So I went back to Zoho Mail and opened a random email that contained images, and saw that there is an image proxy. Sad! I copied the image address and opened the URL in the next tab of my browser. The URL looked like this:

https://mail.zoho.com/zm/ImageProxy?source=https://site.com/pic.jpg&ui…