Bugtraq mailing list archives
Re: google xss
From: "Jim Ley" <jim () jibbering com>
Date: Mon, 10 Apr 2006 20:11:07 +0100
"Andy Meyers" <andy.meyers () hushmail com> wrote in message news:20060409235034.1AAAC17042 () smtp2 hushmail com...
> My BlackICE stops this XSS from happening; however, changing the URL from a .ae domain to a .com and leaving the rest intact, I am then prompted.
> http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta=
The flaw is very exploitable: basically, any search that includes a books result and contains script will trigger the flaw. The .com seems to only include the flaw in Arabic, and sometimes depending on the user's location or some other thing (I can't identify). Using a different search to trigger more book results allows you to exploit it much more easily.

http://jibbering.com/blog/?id=506 and http://jibbering.com/blog/?id=507 show a phishing exploit and a Gmail contacts-stealing method using the above attack.

Google still appear to be unable to do the simple programming matter of encoding user input before writing it back out.

Cheers,
Jim.
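The bug Jim describes is reflected XSS: the search term from the q parameter is written back into the results page without HTML encoding. The following is an added example, not code from the thread and not Google's code. It rebuilds the query from the URL quoted above, renders it the vulnerable way (raw concatenation into a text node and an attribute) beside the encoded way, and checks whether a script element survives. The render functions, the htmlEscape helper and the page fragments are hypothetical; only the query string comes from the thread.

```javascript
// Added example (not from the thread): reflected XSS from echoing a search
// query unencoded into HTML, beside the encoded version that prevents it.
// The query below is the one quoted in the thread; everything else is a
// hypothetical stand-in for a results page, not Google's actual markup.

const THREAD_QUERY = '<script>alert("1")</script>';

// Minimal HTML escaping that is safe for text nodes and for double-quoted
// attribute values. The five characters below are the ones that can close
// or open markup in those two contexts.
function htmlEscape(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the user-supplied query is concatenated straight into the page,
// both into the value attribute of the search box and into a text node.
// Either sink alone is enough for the payload in the thread to execute.
function renderVulnerable(q) {
  return '<input name="q" value="' + q + '">' +
         '<p>Results for: ' + q + '</p>';
}

// Fixed: every interpolation of untrusted data goes through htmlEscape,
// so the browser parses the query as text, not as markup.
function renderFixed(q) {
  const safe = htmlEscape(q);
  return '<input name="q" value="' + safe + '">' +
         '<p>Results for: ' + safe + '</p>';
}

// Read one query parameter the way the server sees it (percent-decoded),
// using the WHATWG URL API available in Node and browsers.
function queryParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// Crude check: does the rendered HTML contain a script start tag?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Run both renderers against the thread's URL and report what each produced.
function demo() {
  const url = 'http://www.google.com/search?hl=ar&q=' +
              encodeURIComponent(THREAD_QUERY) + '&meta=';
  const q = queryParam(url, 'q');
  const vulnerable = renderVulnerable(q);
  const fixed = renderFixed(q);
  return {
    query: q,
    vulnerable: vulnerable,
    fixed: fixed,
    vulnerableHasScript: containsScriptTag(vulnerable),
    fixedHasScript: containsScriptTag(fixed),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The encoding has to be applied at the output point and chosen for the context the data lands in; the same helper is not sufficient for a JavaScript string or a URL attribute, which need their own escaping. Note also that the check is only a demonstration: a real page should not rely on detecting script tags, only on encoding.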
Current thread:
- google xss almfnod (Apr 09)
- RE: google xss Andy Meyers (Apr 10)
- Re: google xss Jim Ley (Apr 11)
- Re: google xss pagvac (Apr 11)
- Re: google xss Vladimir Levijev (Apr 13)
- RE: google xss Andy Meyers (Apr 10)