narkive is for sale. Interested? (dismiss)
Discussion:
Google persistent xss and another security bug
(too old to reply)
sec yun
2011-01-07 03:17:22 UTC
Permalink
Some one has reported security flaws about Google on wooyun

1 Google exploit by malicious software

http://www.wooyun.org/bugs/wooyun-2010-0518

2 Google persistent xss

http://www.wooyun.org/bugs/wooyun-2010-01055 (Credit to
http://www.wooyun.org/whitehats/SnowGZ ) Tested on ie6

Google persistent xss is very funny,it looks like when the agent is
IE6,Google will come to a different logic which will cause a persistent xss
attack.

WooYun is a connection platform for vendors and security researchers

:)
Jacky Jack
2011-01-07 07:55:44 UTC
Permalink
Nice find

http://www.google.com/search?q=<script>alert(xss

Payload must be short within the description length.


LinkedIn</a></h3><div
class="f">Libia&nbsp;-&nbsp;"><script>alert("XSS");</script> at
"><script>alert("XSS");</script></div><div class="s">View
&quot;&gt;&#39;s professional profile on LinkedIn. LinkedIn is the
world&#39;s largest <br> business network, helping professionals like
&quot;&gt; discover inside connections to <br>
<b>...</b><br><div><cite>www.linkedin.com/pub/%2522-script-ale...
Post by sec yun
Some one has reported security flaws about Google on wooyun
1 Google exploit by malicious software
 http://www.wooyun.org/bugs/wooyun-2010-0518
2 Google persistent xss
http://www.wooyun.org/bugs/wooyun-2010-01055   (Credit to http://www.wooyun.org/whitehats/SnowGZ ) Tested on ie6
Google persistent xss is very funny,it looks like when the agent is IE6,Google will come to  a different logic which will cause a persistent xss attack.
WooYun is a connection platform for vendors and security researchers
:)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.htm

Loading...