Re: google xss
From: "Vladimir Levijev" <vladimir.levijev () gmail com>
Date: Wed, 12 Apr 2006 15:34:55 +0300

On 4/10/06, pagvac <unknown.pentester () gmail com> wrote:
Very nice observation. Good reminder that sometimes you don't need to
go fancy using different encodings and so on. Sometimes, changing a
simple field value can make a difference (such as in this case). Many
people have tried really hard to find XSS bugs in the main English
version of the Google search page (there are several examples that
went public), but this guy was much smarter and tried something
different (changing the language parameter in this case).

Yesterday this worked for me and I disabled script for google.com.
Today I enabled the script for google and tested it again. I could not
reproduce it! Seems google has fixed this bug. Correct me if I'm
wrong. For now I have enabled script back for google.
[vl () dimir]#