lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 10 Apr 2006 20:40:18 +0100
From: pagvac <unknown.pentester@...il.com>
To: "Andy Meyers" <andy.meyers@...hmail.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: google xss


Interesting that it's *not* choosing a tld different to ".com" what
triggers the bug, but rather the language field ("hl").

In other words, if we change
[http://www.google.ae/search?hl=ar&q=<script>alert("1")</script>&meta=]
to [http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta=]
the bug *still* works, but it *stops* working when you change the
language to English for instance:
[http://www.google.com/search?hl=en&q=<script>alert("1")</script>&meta=]

Very nice observation. Good reminder that sometimes you don't need to
go fancy using different encodings and so on. Sometimes, changing a
simple field value can make a difference (such as in this case). Many
people have tried really hard to find XSS bugs in the main English
version of the Google search page (there are several examples that
went public), but this guy was much smarter and tried something
different (changing the language parameter in this case).

Good post!




On 4/10/06, Andy Meyers <andy.meyers@...hmail.com> wrote:
> My BlackICE stops this from XSS from happening, however changing the URL
> from a .ae domain to a .com and leaving the rest in tact, I am then
> prompted.
>
> http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta=
>
> Ashes
>
> -----Original Message-----
> From: almfnod@...ab.com [mailto:almfnod@...ab.com]
> Sent: Tuesday, April 04, 2006 2:35 PM
> To: bugtraq@...urityfocus.com
> Subject: google xss
>
> http://www.google.ae/search?hl=ar&q=<script>alert("1")</script>&meta=
>
>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ