lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e1eam3$pko$1@sea.gmane.org>
Date: Mon, 10 Apr 2006 20:11:07 +0100
From: "Jim Ley" <jim@...bering.com>
To: bugtraq@...urityfocus.com
Subject: Re: google xss



"Andy Meyers" <andy.meyers@...hmail.com> wrote in message 
news:20060409235034.1AAAC17042@...p2.hushmail.com...
> My BlackICE stops this from XSS from happening, however changing the URL
> from a .ae domain to a .com and leaving the rest in tact, I am then
> prompted.
>
> http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta=

The flaw is very exploitable, basically any search that includes a books 
result and contains script will trigger the flaw, the .com seems to only 
include the flaw in arabic, and sometime depending on the users location or 
some other thing (I can't identify).

Using a different search to trigger more book results allows you to much 
more easily exploit it.

http://jibbering.com/blog/?id=506 and http://jibbering.com/blog/?id=507 
show a phishing exploit and a gmail contacts stealing method using the above 
attack.

Google still appear to be unable to do the simple programming matter of 
encoding of user input before writing it back out.

Cheers,

Jim. 





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ