Gmail Send Form Temporarily Stores the Files for Download
This article is about manipulating Gmail to send emails containing form buttons and using the redirection to download files onto the victim's machine, granted that they are dumb enough to do so. All we need is a Gmail account.
- Compose a new message in your Gmail account
- Copy this file and save as a .html file
<form style="margin:0px" action="https://www.youtube.com/" method="post" target="view">
<input style="margin-bottom:5px;font-family:verdana;" name="submit" type="submit" value="Download" onclick="displayad()">
- Copy this file and save it as .js
// Declare variables
var fso, f1, ts, tf;
var ForWriting = 2;
// Create script
fso = new ActiveXObject("Scripting.FileSystemObject");
tf = fso.CreateTextFile("TEMP.BAT", true);
// Send code to external script
tf.WriteLine("echo.This script was created and executed within a jscript file.");
// Start the script / process
var WshShell = new ActiveXObject("WScript.Shell");
- Now send yourself a message and include the .js file as an attachment.
- Open the email, right-click the download link and click on the copy link tab
- Now go back to your html file and replace the line containing
with the link to the .js file you just copied.
- Open the html file in your browser, click anywhere on the page, then press Ctrl+C to copy the contents of the rendered html page.
- Go back to your Gmail account and create a new message again
- In the message body section press Ctrl+V to paste the rendered html form button into the message.
- Send the email to yourself.
- Now when you open the email you should have a form button that says Download. When you click it, you will be prompted by the redirection warning; clicking OK will download the .js file.
- Note that if you delete the .js file from your inbox or close your Gmail, in some cases you will be redirected to the 404 error page because the link will no longer exist at that address.
- This test was performed using Gmail and Firefox.
- In my test I was able to send .ico files to myself and then copy the links and insert them into my html file as locations for the html to look for when searching for the path to the icon files.
- In the end I was able to render an entire html page in full without the need of my own server.
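
A mail-filter check for the form-button message described above, added here as an example and not part of the original article: it parses an HTML mail body and reports every form, its submit labels, and the reasons it deserves quarantine. The names `FormAudit`, `audit_mail_html` and `RISKY_EXT`, the extension list, and the placeholder URL in the sample are assumptions, as is the script extension being visible in the URL path.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions that Windows hands to a script host or shell on open (assumed list).
RISKY_EXT = (".js", ".jse", ".vbs", ".wsf", ".bat", ".cmd", ".hta")

class FormAudit(HTMLParser):
    """Collect every <form> in an HTML mail body with its submit controls."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "labels": [], "handlers": []})
        elif tag in ("input", "button") and self.forms:
            form = self.forms[-1]
            if a.get("type", "").lower() == "submit":
                form["labels"].append(a.get("value", ""))
            form["handlers"] += [k for k in a if k.startswith("on")]

def audit_mail_html(body):
    """Return one finding per form: the action URL plus the reasons to quarantine."""
    parser = FormAudit()
    parser.feed(body)
    parser.close()
    findings = []
    for form in parser.forms:
        url = urlparse(form["action"])
        reasons = ["form element in mail body"]
        if url.scheme in ("http", "https"):
            reasons.append("submits to external host " + url.netloc)
        if url.path.lower().endswith(RISKY_EXT):
            reasons.append("action points at a script file")
        if form["handlers"]:
            reasons.append("inline event handler: " + ",".join(form["handlers"]))
        findings.append({"action": form["action"], "labels": form["labels"], "reasons": reasons})
    return findings

# Constructed sample: the form from the article, with a placeholder download URL.
SAMPLE = '''<p>Your file is ready.</p>
<form style="margin:0px" action="https://mail.example.invalid/attachment/run.js" method="post" target="view">
<input name="submit" type="submit" value="Download" onclick="displayad()">
</form>'''

if __name__ == "__main__":
    for f in audit_mail_html(SAMPLE):
        print(f["action"], f["labels"], f["reasons"])
```

Legitimate mail rarely carries a form at all, so the first reason alone is usually enough to hold a message for review.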