Showing posts from September, 2019

XSS in Zoho Mail

Hello friends, how are you all? I hope you are doing good. After a long time, I'm sharing another interesting finding here. Recently, last month, I found an XSS vulnerability in Zoho Mail. I was busy with my exams. I had to send some work via email to my friend. So, I opened my laptop and then opened my Google Mail and saw that I had received so many emails. After completing my work and sending an email, I opened my other email accounts, i.e. Yahoo, Zoho, Hotmail/Outlook etc., and read all the emails, but nothing was important. So, I was closing my laptop, and at that time something clicked in my mind: that there is no image proxy on Zoho Mail, which is indeed a bug. I don't know why I was thinking that. So, I just visited Zoho Mail and opened a random email which contained images and saw that there is an image proxy. Sad! I just copied the image address and opened the URL in the next tab of my browser, and the URL looked like this