WebApp Sec mailing list archives
Re: XSS?
From: "Aman Raheja" <araheja () techquotes com>
Date: 15 Nov 2005 13:51:27 -0000
This is not XSS but indeed a vulnerability since they are not validating the URL and it's irresponsible of google not to take care of this kind of vulnerability which would aid phishing. Aman Raheja http://www.techquotes.com On Tue, 15 Nov 2005 11:52:19 +0800, Andrew Chan <quickt () gmail com> wrote :
I tried http://www.google.com/url?q=http://www.microsoft.com and it got directed. it seems that I received one such phishing email that makes use of this to obfuscate the actual URL lately.