WebApp Sec mailing list archives

Re: XSS?

From: "Aman Raheja" <araheja () techquotes com>
Date: 15 Nov 2005 13:51:27 -0000

This is not XSS but indeed a vulnerability since they are not validating 
the URL and it's irresponsible of google not to take care of this kind of 
vulnerability which would aid phishing.

Aman Raheja
http://www.techquotes.com

On Tue, 15 Nov 2005 11:52:19 +0800, Andrew Chan <quickt () gmail com> wrote :

I tried http://www.google.com/url?q=http://www.microsoft.com and it got
directed. it seems that I received one such phishing email that makes
use of this to obfuscate the actual URL lately.

Current thread:

XSS? Andrew Chan (Nov 15)
- Re: XSS? Tom Gallagher (Nov 15)
- <Possible follow-ups>
- Re: XSS? Aman Raheja (Nov 15)
  - Re: XSS? Serg B. (Nov 15)
    - Re: XSS? Aman Raheja (Nov 17)
    - Re: XSS? Serg Belokamen (Nov 17)
    - Re: XSS? Andrew Chan (Nov 18)
  - Re: XSS? Pilon Mntry (Nov 15)
- RE: XSS? Matt Fisher (Nov 30)