[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Cross Site Scripting in Google

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx
Subject: [Full-disclosure] Cross Site Scripting in Google
From: RSnake <rsnake@xxxxxxxxxxxx>
Date: Tue, 4 Jul 2006 21:55:01 -0700 (PDT)

Google is vulnerable to cross site scripting attacks.  I found a
function built off their add RSS feed function that returns HTML if a
valid feed is found.  It is intended as an AJAXy (dynamic JavaScript
anyway) call from an inline function and the page is intended to do
sanitation of the function.  However, that's too late, and it returns
the HTML as a query string, that is rendered, regardless of the fact
that it is simply a JavaScript snippet.

Here is the post that explains the whole thing:

http://ha.ckers.org/blog/20060704/cross-site-scripting-vulnerability-in-google/


-RSnake
http://ha.ckers.org/
http://ha.ckers.org/xss.html
http://ha.ckers.org/blog/feed/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google
  - From: bugtraq

Prev by Date: Re: [Full-disclosure] Undisclosed breach at major US facility
Next by Date: Re: [Full-disclosure] Undisclosed breach at major US facility
Previous by thread: Re: [Full-disclosure] Re: Google and Yahoo search engine zero-day code
Next by thread: [Full-disclosure] Re: [WEB SECURITY] Cross Site Scripting in Google
Index(es):
- Date
- Thread