[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Google persistent xss and another security bug

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Google persistent xss and another security bug
From: sec yun <root@xxxxxxxxxx>
Date: Fri, 7 Jan 2011 11:17:22 +0800

Some one has reported security flaws about Google on wooyun

1 Google exploit by malicious software

 http://www.wooyun.org/bugs/wooyun-2010-0518

2 Google persistent xss

http://www.wooyun.org/bugs/wooyun-2010-01055   (Credit to
http://www.wooyun.org/whitehats/SnowGZ ) Tested on ie6

Google persistent xss is very funny,it looks like when the agent is
IE6,Google will come to  a different logic which will cause a persistent xss
attack.

WooYun is a connection platform for vendors and security researchers

:)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Google persistent xss and another security bug
  - From: Jacky Jack

Prev by Date: [Full-disclosure] [SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal
Next by Date: [Full-disclosure] Want to remove Encyclopedia Dramatica article? Think again. Sherrod DeGrippo, Andrew Auernheimer's cyberbully paradise.
Previous by thread: [Full-disclosure] [SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal
Next by thread: Re: [Full-disclosure] Google persistent xss and another security bug
Index(es):
- Date
- Thread