A Gmail security vulnerability may allow an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at GeekCondition.com.
In his post, Brandon writes that the vulnerability has caused some people to lose their domain names registered through GoDaddy.com.
When you create a filter in your Gmail account, a request is sent to Google's servers to be processed. The request is made in the form of a URL with many variables. For security reasons, your browser doesn't display all the variables contained within the URL. Using Firefox and a plugin called Live HTTP Headers, you can see exactly what variables are sent from your browser to Google's servers.
After that, an attacker just needs to identify the variable that is the equivalent of the username.
"Obtaining this variable is tricky but possible," he writes. "I'm not going to tell you how to do it, if you search hard enough online you'll find out how."