Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: google xss
From: "Jim Ley" <jim () jibbering com>
Date: Mon, 10 Apr 2006 20:11:07 +0100


"Andy Meyers" <andy.meyers () hushmail com> wrote in message 
news:20060409235034.1AAAC17042 () smtp2 hushmail com   
My BlackICE stops this from XSS from happening, however changing the URL
from a .ae domain to a .com and leaving the rest in tact, I am then
prompted.

http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta=

The flaw is very exploitable, basically any search that includes a books 
result and contains script will trigger the flaw, the .com seems to only 
include the flaw in arabic, and sometime depending on the users location or 
some other thing (I can't identify).

Using a different search to trigger more book results allows you to much 
more easily exploit it.

http://jibbering.com/blog/?id=506 and http://jibbering.com/blog/?id=507 
show a phishing exploit and a gmail contacts stealing method using the above 
attack.

Google still appear to be unable to do the simple programming matter of 
encoding of user input before writing it back out.

Cheers,

Jim. 




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault